{"bugs":[{"bugid":891777,"firstseen":"2025-07-11T02:48:40.189262","severity":"minor","status":"IN_PROGRESS","summary":"<www-apache\/mod_security-2.9.7, <dev-libs\/modsecurity-3.0.9: multiple vulnerabilities"},{"bugid":932611,"firstseen":"2025-07-11T02:48:40.189262","severity":"normal","status":"CONFIRMED","summary":"www-apache\/mod_security-2.9.7 - [ncurses-6.5] [gcc-15] [llvm] ld.lld: error: ...\/crti.o is incompatible with elf32-i386"},{"bugid":965722,"firstseen":"2025-11-06T03:05:07.054148","severity":"normal","status":"IN_PROGRESS","summary":"<www-apache\/mod_security-2.9.12: Multiple vulnerabilities"}],"categories":[{"categoryid":312,"name":"app-crypt","summary":"The app-crypt category contains cryptographic (encryption, decryption, steganography and signing) software."},{"categoryid":450,"name":"dev-lang","summary":"The dev-lang category contains various programming language implementations and related tools."},{"categoryid":393,"name":"dev-libs","summary":"The dev-libs category contains various miscellaneous programming libraries."},{"categoryid":451,"name":"net-misc","summary":"The net-misc category contains various miscellaneous networking tools and utilities."},{"categoryid":343,"name":"sys-apps","summary":"The sys-apps category contains various core system applications, and some non-core system applications which have not yet been moved out into other sys- categories."},{"categoryid":381,"name":"sys-libs","summary":"The sys-libs category contains various system-level libraries."},{"categoryid":396,"name":"virtual","summary":"The virtual category contains packages which satisfy virtual dependencies."},{"categoryid":460,"name":"www-apache","summary":"The www-apache category contains modules for the Apache webserver."},{"categoryid":379,"name":"www-servers","summary":"The www-servers category contains web server packages."}],"changelog":[{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"193f85ad60718c6786f9228b06b7b543efbb1bcd","committime":"2026-03-11T13:30:48","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"bacs@librecast.net","authorname":"Brett A C Sheffield","body":"Bug: https:\/\/bugs.gentoo.org\/965722\nSigned-off-by: Brett A C Sheffield <bacs@librecast.net>\nPart-of: https:\/\/codeberg.org\/gentoo\/gentoo\/pulls\/284\nMerges: https:\/\/codeberg.org\/gentoo\/gentoo\/pulls\/284\nSigned-off-by: Sam James <sam@gentoo.org>","commitid":"755482f6246c8870e49a650ac95cb0e2f777475a","committime":"2026-03-10T21:24:02","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: drop 2.9.8-r1"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"f82a0806cf015dc54adc43d3eef89aef9a203c38","committime":"2025-12-11T01:00:48","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"eschwartz@gentoo.org","authorname":"Eli Schwartz","body":"Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>","commitid":"bba91edaae7eb37a084c3ea5b5184ea7a1d14f12","committime":"2025-12-11T00:50:22","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: Stabilize 2.9.12 x86, #967311"},{"authoremail":"eschwartz@gentoo.org","authorname":"Eli Schwartz","body":"Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>","commitid":"c68865456404e1fdd03d15c19a35159a5b214037","committime":"2025-12-11T00:50:21","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: Stabilize 2.9.12 amd64, #967311"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"7e2cfd5fc9f143aff36f9b4da27dbd37fdcfeffe","committime":"2025-11-06T02:50:41","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Make pcre2 mandatory. 2.9.9 upstream made this the default too.\n\nBug: https:\/\/bugs.gentoo.org\/965722\nSigned-off-by: Sam James <sam@gentoo.org>","commitid":"6797f69e531b1eee893dbd9213ceb0b07029a482","committime":"2025-11-06T02:25:32","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: add 2.9.12"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"12e58388318cb86b218896d52e2bbee159b191dd","committime":"2025-07-27T18:23:08","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"arthurzam@gentoo.org","authorname":"Arthur Zamarin","body":"Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>","commitid":"8974742ff9d0ac97a1ddfaf10891e6ec60802f4b","committime":"2025-07-27T17:59:58","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: drop 2.9.7-r1, EAPI=7--"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"d8db3a35114b54fa0cffb64d2a649462c11ee1a3","committime":"2025-06-09T03:23:52","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"parona@protonmail.com","authorname":"Alfred Wingate","body":"Signed-off-by: Alfred Wingate <parona@protonmail.com>\nPart-of: https:\/\/github.com\/gentoo\/gentoo\/pull\/41919\nSigned-off-by: Sam James <sam@gentoo.org>","commitid":"fe6a5d699db84887d3cdec63d69c8fade13fffeb","committime":"2025-05-03T17:09:53","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: add dev-libs\/libxml2 subslot op for incoming ABI break"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"85082741c9be1c8d98f150aa0626e50cc9a55fa3","committime":"2025-03-08T15:03:21","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"jsmolic@gentoo.org","authorname":"Jakov Smolić","body":"Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>","commitid":"5c35f291d89150973d9e30bb916105f84da8b251","committime":"2025-03-08T14:51:28","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: Stabilize 2.9.8 amd64, #950863"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"cd38a2ab6df4192bdfcad1958690e8147513496d","committime":"2025-03-08T12:18:16","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James <sam@gentoo.org>","commitid":"73ad6a0f984b763dc3b8f92bd572afee3fb59d33","committime":"2025-03-08T12:07:33","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: Stabilize 2.9.8 x86, #950863"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"d4f9213abb344c7d92c4de4c4cf6f5b329a98bc1","committime":"2024-12-01T12:18:19","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"hydrapolic@gmail.com","authorname":"Tomáš Mózes","body":"Project owner changed from Trustwave to OWASP:\nhttps:\/\/owasp.org\/blog\/2024\/01\/09\/ModSecurity\n\nSigned-off-by: Tomáš Mózes <hydrapolic@gmail.com>\nCloses: https:\/\/github.com\/gentoo\/gentoo\/pull\/39039\nSigned-off-by: Sam James <sam@gentoo.org>","commitid":"7b148743444421207e067d25ebda49b07f21e96c","committime":"2024-10-19T05:58:31","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: add 2.9.8"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"3548511996bfd3574f9e3a3a433fb9e7526f3f58","committime":"2024-01-12T15:05:10","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Per the category metadata, app-doc\/ is reserved for documentation\n*files* and not software.  Move it to app-text\/ where it seems a better\nfit.\n\nSigned-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"f7fdfdaeec3764929686064a6054c38a6b2d7788","committime":"2024-01-11T16:04:37","packageid":45530,"repoid":1,"summary":"Move {app-doc → app-text}\/doxygen"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"3a2c4111de32dbadd4168df82bd1a70582b1cd5b","committime":"2024-01-11T14:20:11","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"hydrapolic@gmail.com","authorname":"Tomáš Mózes","body":"Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>\nSigned-off-by: Joonas Niilola <juippis@gentoo.org>","commitid":"85dcb9c8a557fb458eea6cf7b0a0b319d8a54220","committime":"2023-11-10T15:47:46","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: drop vulnerable"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"fb5cf6a0cba7ab6e2a0899059875576c86dfcd77","committime":"2023-03-09T23:46:52","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James <sam@gentoo.org>","commitid":"6c4267f22fe76f503901a2abcb24674b599a4a4d","committime":"2023-03-09T23:34:32","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: Stabilize 2.9.7 amd64, #900615"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James <sam@gentoo.org>","commitid":"0d61849c175af5b821ac31ffd6ac949e0c5912c0","committime":"2023-03-09T23:34:30","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: Stabilize 2.9.7 x86, #900615"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"9528c8cd8b26ceac8d501815b30e049d1523545d","committime":"2023-02-05T09:16:52","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"juippis@gentoo.org","authorname":"Joonas Niilola","body":"Signed-off-by: Joonas Niilola <juippis@gentoo.org>","commitid":"5231b13a072deddffc9a6c5aa5d7eab03faa6f99","committime":"2023-02-05T08:57:17","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: update COMMON_DEPEND to just DEPEND in 2.9.7"},{"authoremail":"hydrapolic@gmail.com","authorname":"Tomáš Mózes","body":"Bug: https:\/\/bugs.gentoo.org\/891777\nSigned-off-by: Tomáš Mózes <hydrapolic@gmail.com>\nCloses: https:\/\/github.com\/gentoo\/gentoo\/pull\/29267\nSigned-off-by: Joonas Niilola <juippis@gentoo.org>","commitid":"ff270e81a87d860d557a52ee763ad810f93e586a","committime":"2023-01-25T15:27:47","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: add 2.9.7"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"7890890a9e7ed7eaab6e45a3b62076d5b96a2adc","committime":"2022-12-02T17:31:44","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"hydrapolic@gmail.com","authorname":"Tomáš Mózes","body":"Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>\nCloses: https:\/\/github.com\/gentoo\/gentoo\/pull\/28504\nSigned-off-by: John Helmert III <ajak@gentoo.org>","commitid":"55f797c4a75a4a05bbaff941be3aa29b6802aa16","committime":"2022-12-02T06:21:57","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: drop vulnerable"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"9a6ebb609ee7dcb1f5d0da3679252272ff5c4a44","committime":"2022-12-02T03:46:42","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James <sam@gentoo.org>","commitid":"90e70e766a2b5411af2fe2b0ee4a247996d5af90","committime":"2022-12-02T03:38:06","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: Stabilize 2.9.6 amd64, #883951"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James <sam@gentoo.org>","commitid":"06e23b87593726139dd4b9a4ec91ae4bfa2148b5","committime":"2022-12-02T03:33:53","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: Stabilize 2.9.6 x86, #883951"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"1773c07ccf797b646775c419f1ebc7aab6ebd64d","committime":"2022-11-19T03:31:45","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"hydrapolic@gmail.com","authorname":"Tomáš Mózes","body":"Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>\nCloses: https:\/\/github.com\/gentoo\/gentoo\/pull\/27885\nSigned-off-by: Sam James <sam@gentoo.org>","commitid":"facddf1c3e160f3013f0b7c46ca8f122e5bdcc86","committime":"2022-10-22T03:27:22","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: add 2.9.6"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"deaa0332071fa5851cba123b9563d64b98680991","committime":"2022-02-20T00:51:49","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"hydrapolic@gmail.com","authorname":"Tomáš Mózes","body":"Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>\nCloses: https:\/\/github.com\/gentoo\/gentoo\/pull\/24272\nSigned-off-by: Sam James <sam@gentoo.org>","commitid":"3593f952ae981bc25e6486b04bda7fff196edcdd","committime":"2022-02-19T10:44:47","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: drop old"},{"authoremail":"hydrapolic@gmail.com","authorname":"Tomáš Mózes","body":"Closes: https:\/\/bugs.gentoo.org\/642476\nSigned-off-by: Tomáš Mózes <hydrapolic@gmail.com>\nSigned-off-by: Sam James <sam@gentoo.org>","commitid":"2ca6bc6ad0eed589bffad56c71d0974e957ed464","committime":"2022-02-19T10:43:29","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: keep unicode.mapping"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"d46a4862cf1c436f77bfc199a5481439920a3ee5","committime":"2021-12-22T01:06:40","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"65bad5e237e9806305d33b0af66d202c1db7409b","committime":"2021-12-22T00:51:33","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James <sam@gentoo.org>","commitid":"08981e8a04e4601931df4d3d035d7d11559bc7f4","committime":"2021-12-22T00:45:09","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: Stabilize 2.9.5 x86, #829741"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James <sam@gentoo.org>","commitid":"8301691c6158cda46edf277b8aa8662934a7d4db","committime":"2021-12-22T00:44:03","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: Stabilize 2.9.5 amd64, #829741"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"0aa605029d586e7f502d587ff1bbc3198e09fd1a","committime":"2021-12-21T02:21:46","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"hydrapolic@gmail.com","authorname":"Tomáš Mózes","body":"Closes: https:\/\/bugs.gentoo.org\/811087\nSigned-off-by: Tomáš Mózes <hydrapolic@gmail.com>\nCloses: https:\/\/github.com\/gentoo\/gentoo\/pull\/23437\nSigned-off-by: Sam James <sam@gentoo.org>","commitid":"7409a6f61fe4a99c70178624ab8129cde33f2bfc","committime":"2021-12-20T18:18:38","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: bump to 2.9.5"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"b2f48538753b53fba2d55567120239ef30bc4fb3","committime":"2021-06-01T20:35:27","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James <sam@gentoo.org>","commitid":"806140f939616e167c2f8ead5f5b3bcfd9dae871","committime":"2021-06-01T20:12:57","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: conditionally call lua-single_pkg_setup"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"e7878bf2994fdf6cf1a43844fb25da1eaa800086","committime":"2021-01-25T19:32:25","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"marecki@gentoo.org","authorname":"Marek Szuba","body":"Signed-off-by: Marek Szuba <marecki@gentoo.org>","commitid":"a8c788901c88ecb6b88c57bdba7f519ed84e8dec","committime":"2021-01-25T13:57:17","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: remove old"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"48b898b6f78a51a15af88d3b124b39ca4e905475","committime":"2021-01-23T05:32:48","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James <sam@gentoo.org>","commitid":"a59ada83e4ffbee9dabc0afdfbb747e8fdc65a1a","committime":"2021-01-23T04:19:49","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: Stabilize 2.9.3-r100 x86, #766528"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James <sam@gentoo.org>","commitid":"b469a089c83f9efbe52ae0b203a6ff47cd729195","committime":"2021-01-23T04:09:37","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: Stabilize 2.9.3-r100 amd64, #766528"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"f701768640a4bd8c6d97c536733e5b7ba2b9e85c","committime":"2020-11-09T19:05:24","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"marecki@gentoo.org","authorname":"Marek Szuba","body":"Signed-off-by: Marek Szuba <marecki@gentoo.org>","commitid":"d1097ac1a05217f6e09937c3ced64a190a86d362","committime":"2020-11-09T18:34:50","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: remove old"},{"authoremail":"marecki@gentoo.org","authorname":"Marek Szuba","body":"Closes: https:\/\/bugs.gentoo.org\/752513\nSigned-off-by: Marek Szuba <marecki@gentoo.org>","commitid":"03e5af320cedd6609c4f3ff10db83c7cc2dd898a","committime":"2020-11-09T18:32:16","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: migrate to lua-single.eclass"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"9e649b5ee187ed6905732c2042058bbaa7722b7e","committime":"2020-10-07T07:35:16","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"db9ea784bd8e99ff2de8c60af7cbd33aa96928ac","committime":"2020-10-07T07:05:21","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"ago@gentoo.org","authorname":"Agostino Sarubbo","body":"Package-Manager: Portage-2.3.103, Repoman-2.3.23\nRepoMan-Options: --include-arches=\"x86\"\nSigned-off-by: Agostino Sarubbo <ago@gentoo.org>","commitid":"e770840c99ac7e24d2a025e1365dac188ec8fad9","committime":"2020-10-07T07:04:49","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: x86 stable wrt bug #745990"},{"authoremail":"ago@gentoo.org","authorname":"Agostino Sarubbo","body":"Package-Manager: Portage-2.3.103, Repoman-2.3.23\nRepoMan-Options: --include-arches=\"amd64\"\nSigned-off-by: Agostino Sarubbo <ago@gentoo.org>","commitid":"def7ac3a447ba0c2724d01fd89c476510b409d19","committime":"2020-10-07T06:35:29","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: amd64 stable wrt bug #745990"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"c242550b22d14b9081b6ee1ae00e4be73e374572","committime":"2020-06-04T09:35:18","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"sokolov@google.com","authorname":"Alexey Sokolov","body":"Package-Manager: Portage-2.3.99, Repoman-2.3.22\nSigned-off-by: Alexey Sokolov <sokolov@google.com>\nSigned-off-by: David Seifert <soap@gentoo.org>","commitid":"62eb6d7e6272e083f5eda928cf2940f6a1f2fb4c","committime":"2020-06-04T09:03:41","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: update homepage"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"20eaebbed7acf8dde219128fb07bdd9c4ef6897c","committime":"2019-03-10T22:45:49","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"hydrapolic@gmail.com","authorname":"Tomas Mozes","body":"Patch-by: Dennis Lichtenthäler\nCloses: https:\/\/bugs.gentoo.org\/679522\nPackage-Manager: Portage-2.3.62, Repoman-2.3.12\nSigned-off-by: Tomáš Mózes <hydrapolic@gmail.com>\nCloses: https:\/\/github.com\/gentoo\/gentoo\/pull\/11296\nSigned-off-by: Patrice Clement <monsieurp@gentoo.org>","commitid":"61c02bdcbe2db4c25cb2d76291794a649a4c1ba2","committime":"2019-03-08T09:35:32","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: fix building USE=doc."},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"4e7890bb0afd441560fbfcbffd5b8674d65bbbf6","committime":"2019-03-04T01:43:53","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"hydrapolic@gmail.com","authorname":"Tomas Mozes","body":"Signed-off-by: Tomas Mozes <hydrapolic@gmail.com>\nSigned-off-by: Thomas Deutschmann <whissi@gentoo.org>","commitid":"7d32d9f13e0545d7cb004cb9b1c10c82b130f0c6","committime":"2019-02-23T11:57:59","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: bump to 2.9.3"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"14b1cbd44e14543425ede8dfa3c02f25dd9f06ce","committime":"2018-10-31T18:44:07","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"pacho@gentoo.org","authorname":"Pacho Ramos","body":"Signed-off-by: Pacho Ramos <pacho@gentoo.org>\nPackage-Manager: Portage-2.3.51, Repoman-2.3.11","commitid":"71da5b2b9bb14d40d9c00e66efbb8909b9ba02d3","committime":"2018-10-31T18:32:40","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: Drop old"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"f542659d2a0f082636a1b9700569f3b763d7147f","committime":"2018-10-20T18:24:03","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"zlogene@gentoo.org","authorname":"Mikle Kolyada","body":"Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>\nPackage-Manager: Portage-2.3.49, Repoman-2.3.11","commitid":"c6fb4b55a08850f2740a0bc014704c1ff9baf2da","committime":"2018-10-20T18:00:47","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: amd64 stable wrt bug #668050"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"7234b0371dd70335deca035dfa5d81666709b27c","committime":"2018-10-14T02:04:15","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"whissi@gentoo.org","authorname":"Thomas Deutschmann","body":"Package-Manager: Portage-2.3.50, Repoman-2.3.11\nSigned-off-by: Thomas Deutschmann <whissi@gentoo.org>","commitid":"9a25bf4a16d7749824fcdffae5c973b012084668","committime":"2018-10-14T01:41:51","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: x86 stable (bug #668050)"},{"authoremail":"repo-qa-checks@gentoo.org","authorname":"Repository QA checks","commitid":"80bddbeff24f1327640c901bb9c83ea5509c6e42","committime":"2017-05-14T14:01:49","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mjo@gentoo.org","authorname":"Michael Orlitzky","body":"I've made a few small changes to the configuration file that we\ninstall by default. First, I've added two settings, SecTmpDir and\nSecUploadDir, which serve a similar purpose as the existing\nSecDataDir. All of those need to be located somewhere safe, and the\nupstream defaults point to \/tmp (which is not safe). It is therefore\nnecessary that we override them, and point them to a location that is\ncreated and made private in the ebuild. We now use\n\n  \/var\/lib\/modsecurity\/{data,tmp,upload}\n\nand I've made them mode 0750 by default (owned by apache:apache).\n\nI've also removed two settings that used to be present. Our default\nconfiguration is extremely close to the upstream defaults, and sets\nalmost nothing in 79_mod_security.conf explicitly. The presence of\nSecHttpBlKey was therefore rather strange, since it was disabled by\ndefault and contained nothing Gentoo-specific. I've removed it for\nconsistency (it is documented upstream for people who want it).\n\nThe other setting that I've removed is SecGeoLookupDb. This one could\nat least be justified for containing a Gentoo-specific path. However,\nthe path doesn't work out-of-the-box; it requires you to (manually, or\nvia cron) update your GeoIP database at least once before using it. At\nthat point, you know the location of the database, and can point\nmod_security to it yourself. Taking that into consideration, it again\nmakes more sense to omit the setting for consistency and defer to the\nupstream documentation and defaults.\n\nPackage-Manager: Portage-2.3.3, Repoman-2.3.1","commitid":"bdd24a8411337b6308e001e3e3016930c8e55007","committime":"2017-05-14T00:17:43","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: new revision with updated default configuration."},{"authoremail":"repo-qa-checks@gentoo.org","authorname":"Repository QA checks","commitid":"845adf4888bde3de2a0cb574bd155940d278e618","committime":"2017-05-08T02:01:48","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mjo@gentoo.org","authorname":"Michael Orlitzky","body":"There are a few important changes in this version. First, there is a\nnew USE flag \"mlogc\" for the audit log collector. USE=curl was too\nconfusing. Oh, and it actually installs the log collector files now.\n\nNext, I've moved the SecDataDir under \/var\/lib to eliminate a QA\nwarning. That's a better place for it anyway, because it doesn't hold\ncached data (we have no way to recreate the stuff if it disappears).\n\nI've dropped the code that enables\/disables the GeoIP stuff in the\nconfiguration file. We don't need to sed our users' configurations\nbased on USE flags: they'll set it to what they want, and we should\nleave it that way. The flag is still there to pull in the geoip libs.\nThe configuration file is named 79_mod_security.conf now, for consistency.\n\nThere are two completely new flags, USE=json and USE=fuzzyhash to\nenable new upstream features. Some missing dependencies were added,\nand the docs are being built with doxygen for now.\n\nThe following users submitted code and\/or suggestions that I've\nused. Thanks guys!\n\n  * Chris Frederick\n  * Graham E\n  * Leho Kraav\n  * Mario D. Santana\n\nGentoo-Bug: 518828\nGentoo-Bug: 594720\nGentoo-Bug: 605496\nGentoo-Bug: 615294\n\nPackage-Manager: Portage-2.3.3, Repoman-2.3.1","commitid":"15381ae65d3f18a94bc800fa5d049c83f533043e","committime":"2017-05-08T01:43:42","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: new version 2.9.1 to fix some bugs."},{"authoremail":"repo-qa-checks@gentoo.org","authorname":"Repository QA checks","commitid":"25093d6359f778b8d1052f66ba9e26fc29ded21a","committime":"2017-02-28T20:35:29","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"robbat2@gentoo.org","authorname":"Robin H. Johnson","body":"Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>","commitid":"61b861acd7b49083dab687e133f30f3331cb7480","committime":"2017-02-28T19:47:27","packageid":45530,"repoid":1,"summary":"Drop $Id$ per council decision in bug #611234."},{"authoremail":"repo-qa-checks@gentoo.org","authorname":"Repository QA checks","commitid":"c1be9224a15a973061d5311589408c58277f1410","committime":"2016-07-17T22:21:59","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"bman@gentoo.org","authorname":"Aaron Bauman","commitid":"f9f1f3dc99de237ca4fce5c5ee4a540900ce42ca","committime":"2016-07-17T22:16:21","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: cleanup vulnerable versions wrt bug 506454"},{"authoremail":"repo-qa-checks@gentoo.org","authorname":"Repository QA checks","commitid":"92cb8feef77609258e3c93aa44b6f25c29320765","committime":"2016-07-08T10:22:02","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"ago@gentoo.org","authorname":"Agostino Sarubbo","body":"Package-Manager: portage-2.2.28\nRepoMan-Options: --include-arches=\"sparc\"\nSigned-off-by: Agostino Sarubbo <ago@gentoo.org>","commitid":"d08448045cc7eb15a74e2fd4b2a7c51208eba9bf","committime":"2016-07-08T10:00:27","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: sparc stable wrt bug #506454"},{"authoremail":"repo-qa-checks@gentoo.org","authorname":"Repository QA checks","commitid":"32c406f6c46ca5e4f6377df268351985504be718","committime":"2016-07-08T08:02:12","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"ago@gentoo.org","authorname":"Agostino Sarubbo","body":"Package-Manager: portage-2.2.28\nRepoMan-Options: --include-arches=\"ppc\"\nSigned-off-by: Agostino Sarubbo <ago@gentoo.org>","commitid":"c58f406b1be7432929d99210cb9a76616061f4d1","committime":"2016-07-08T07:51:58","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: ppc stable wrt bug #506454"},{"authoremail":"repo-qa-checks@gentoo.org","authorname":"Repository QA checks","commitid":"819a584d5a93d4f7bf7794a8b48403ea882dea8f","committime":"2016-06-27T09:01:50","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"ago@gentoo.org","authorname":"Agostino Sarubbo","body":"Package-Manager: portage-2.2.28\nRepoMan-Options: --include-arches=\"x86\"\nSigned-off-by: Agostino Sarubbo <ago@gentoo.org>","commitid":"5313302c7eb188fb12f7ca1caa841ce692f2ac67","committime":"2016-06-27T08:47:04","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: x86 stable wrt bug #506454"},{"authoremail":"repo-qa-checks@gentoo.org","authorname":"Repository QA checks","commitid":"7b33d3203e58aae4949169d7597ec7bdcbd7b641","committime":"2016-06-27T08:46:13","packageid":45530,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"ago@gentoo.org","authorname":"Agostino Sarubbo","body":"Package-Manager: portage-2.2.28\nRepoMan-Options: --include-arches=\"amd64\"\nSigned-off-by: Agostino Sarubbo <ago@gentoo.org>","commitid":"f907f07460fdd86b15676d3ebc9c9326bb238505","committime":"2016-06-27T08:22:02","packageid":45530,"repoid":1,"summary":"www-apache\/mod_security: amd64 stable wrt bug #506454"},{"authoremail":"repo-qa-checks@gentoo.org","authorname":"Repository QA checks","commitid":"945f0d2a26da4f944fd06ad6a874f69d37ce1e06","committime":"2015-08-09T09:26:46","packageid":45530,"repoid":1,"summary":"2015-08-09 09:26:21 UTC"},{"authoremail":"robbat2@gentoo.org","authorname":"Robin H. Johnson","body":"This commit represents a new era for Gentoo:\nStoring the gentoo-x86 tree in Git, as converted from CVS.\n\nThis commit is the start of the NEW history.\nAny historical data is intended to be grafted onto this point.\n\nCreation process:\n1. Take final CVS checkout snapshot\n2. Remove ALL ChangeLog* files\n3. Transform all Manifests to thin\n4. Remove empty Manifests\n5. Convert all stale $Header$\/$Id$ CVS keywords to non-expanded Git $Id$\n5.1. Do not touch files with -kb\/-ko keyword flags.\n\nSigned-off-by: Robin H. Johnson <robbat2@gentoo.org>\nX-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests\nX-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project\nX-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration\nX-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn\nX-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts\nX-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration\nX-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging\nX-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed","commitid":"56bd759df1d0c750a065b8c845e93d5dfa6b549d","committime":"2015-08-08T20:49:04","packageid":45530,"repoid":1,"summary":"proj\/gentoo: Initial commit"},{"authoremail":"repo-qa-checks@gentoo.org","authorname":"Repository QA checks","commitid":"a637bd65b7fef8e2be4e7fc6e9097479372e0e2e","committime":"2015-06-19T16:38:33","packageid":45530,"repoid":1,"summary":"2015-06-19 16:35:30 UTC"}],"dependencies":[{"block":false,"categoryid":450,"description":"A powerful light-weight programming language designed for extending applications","ebuildids":[881205,881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"rafaelmartins@gentoo.org","maintainername":"Rafael G. Martins","name":"lua","packageid":43035},{"block":false,"categoryid":393,"description":"Stream-oriented XML parser library","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"freedesktop-bugs@gentoo.org","maintainername":"Gentoo Freedesktop Project","name":"expat","packageid":44320},{"block":false,"categoryid":393,"description":"XML C parser and toolkit","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"gnome@gentoo.org","maintainername":"Gentoo GNOME Desktop","name":"libxml2","packageid":45251},{"block":false,"categoryid":379,"description":"The Apache Web Server","ebuildids":[881205,881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"polynomial-c@gentoo.org","maintainername":"Lars Wendler","name":"apache","packageid":46426,"summary":"The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards."},{"block":false,"categoryid":393,"description":"Apache Portable Runtime Library","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"polynomial-c@gentoo.org","maintainername":"Lars Wendler","name":"apr","packageid":46464},{"block":false,"categoryid":393,"description":"Apache Portable Runtime Utility Library","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"polynomial-c@gentoo.org","maintainername":"Lars Wendler","name":"apr-util","packageid":48182},{"block":false,"categoryid":381,"description":"Standard GNU database libraries","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"base-system@gentoo.org","maintainername":"Gentoo Base System","name":"gdbm","packageid":48717},{"block":false,"categoryid":343,"description":"Various useful Linux utilities","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"base-system@gentoo.org","maintainername":"Gentoo Base System","name":"util-linux","packageid":48792},{"block":false,"categoryid":451,"description":"A Client that groks URLs","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"blueness@gentoo.org","maintainername":"Anthony G. Basile","name":"curl","packageid":54768},{"block":false,"categoryid":393,"description":"Small event-driven (SAX-style) JSON parser","ebuildids":[881205],"firstseen":"2010-05-24T14:35:02.922884","maintainer":"xmw@gentoo.org","maintainername":"Michael Weber","name":"yajl","packageid":55811},{"block":false,"categoryid":312,"description":"Computes context triggered piecewise hashes (fuzzy hashes)","ebuildids":[881205],"firstseen":"2014-02-01T14:37:50.204530","maintainer":"crypto@gentoo.org","maintainername":"Crypto","name":"ssdeep","packageid":61893},{"block":false,"categoryid":393,"description":"Perl-compatible regular expression library","ebuildids":[881205],"firstseen":"2016-08-15T13:37:20.779690","name":"libpcre2","packageid":65707},{"block":false,"categoryid":396,"description":"Virtual for libcrypt.so","ebuildids":[881205],"firstseen":"2020-02-06T19:43:53.689104","name":"libcrypt","packageid":70797}],"depending":[{"block":false,"categoryid":460,"description":"OWASP ModSecurity Core Rule Set","ebuildids":[846685,871036,881206],"firstseen":"2010-09-24T14:33:55.150299","name":"modsecurity-crs","packageid":56327}],"ebuilds":[{"archs":["amd64","x86"],"ebuildid":881205,"firstseen":"2025-11-06T03:05:14.850362","license":"Apache-2.0","moddate":"2026-03-22T20:20:58","packageid":45530,"repoid":1,"slot":"0","uses":["doc","fuzzyhash","geoip","jit","json","lua","lua_single_target_lua5-1","lua_single_target_lua5-3","mlogc"],"version":"2.9.12"}],"masks":[],"package":{"categoryid":460,"description":"Application firewall and intrusion detection for Apache","firstseen":"2010-05-04T00:54:45.661860","name":"mod_security","packageid":45530},"rdependencies":[{"block":false,"categoryid":450,"description":"A powerful light-weight programming language designed for extending applications","ebuildids":[881205,881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"rafaelmartins@gentoo.org","maintainername":"Rafael G. Martins","name":"lua","packageid":43035},{"block":false,"categoryid":393,"description":"Stream-oriented XML parser library","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"freedesktop-bugs@gentoo.org","maintainername":"Gentoo Freedesktop Project","name":"expat","packageid":44320},{"block":false,"categoryid":450,"description":"Larry Wall's Practical Extraction and Report Language","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"perl@gentoo.org","maintainername":"Gentoo Perl Project","name":"perl","packageid":44582},{"block":false,"categoryid":393,"description":"XML C parser and toolkit","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"gnome@gentoo.org","maintainername":"Gentoo GNOME Desktop","name":"libxml2","packageid":45251},{"block":false,"categoryid":379,"description":"The Apache Web Server","ebuildids":[881205,881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"polynomial-c@gentoo.org","maintainername":"Lars Wendler","name":"apache","packageid":46426,"summary":"The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards."},{"block":false,"categoryid":393,"description":"Apache Portable Runtime Library","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"polynomial-c@gentoo.org","maintainername":"Lars Wendler","name":"apr","packageid":46464},{"block":false,"categoryid":393,"description":"Apache Portable Runtime Utility Library","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"polynomial-c@gentoo.org","maintainername":"Lars Wendler","name":"apr-util","packageid":48182},{"block":false,"categoryid":381,"description":"Standard GNU database libraries","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"base-system@gentoo.org","maintainername":"Gentoo Base System","name":"gdbm","packageid":48717},{"block":false,"categoryid":343,"description":"Various useful Linux utilities","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"base-system@gentoo.org","maintainername":"Gentoo Base System","name":"util-linux","packageid":48792},{"block":false,"categoryid":393,"description":"GeoIP Legacy C API","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"netmon@gentoo.org","maintainername":"Gentoo network monitoring and analysis project","name":"geoip","packageid":52217},{"block":false,"categoryid":451,"description":"A Client that groks URLs","ebuildids":[881205],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"blueness@gentoo.org","maintainername":"Anthony G. Basile","name":"curl","packageid":54768},{"block":false,"categoryid":393,"description":"Small event-driven (SAX-style) JSON parser","ebuildids":[881205],"firstseen":"2010-05-24T14:35:02.922884","maintainer":"xmw@gentoo.org","maintainername":"Michael Weber","name":"yajl","packageid":55811},{"block":false,"categoryid":312,"description":"Computes context triggered piecewise hashes (fuzzy hashes)","ebuildids":[881205],"firstseen":"2014-02-01T14:37:50.204530","maintainer":"crypto@gentoo.org","maintainername":"Crypto","name":"ssdeep","packageid":61893},{"block":false,"categoryid":393,"description":"Perl-compatible regular expression library","ebuildids":[881205],"firstseen":"2016-08-15T13:37:20.779690","name":"libpcre2","packageid":65707},{"block":false,"categoryid":396,"description":"Virtual for libcrypt.so","ebuildids":[881205],"firstseen":"2020-02-06T19:43:53.689104","name":"libcrypt","packageid":70797}],"repos":[{"branch":"master","lastcommit":"52197549fd3431fa256b8edbafdcd3702dd0e134","name":"gentoo","path":"\/usr\/portage","repoid":1,"upstream":"origin"}],"tracked":false,"urls":["https:\/\/github.com\/owasp-modsecurity\/ModSecurity"],"uses":[{"description":"Add extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally","isdefault":false,"use":"doc"},{"description":"Support fuzzy hash computations (to detect malware, for example) using the app-crypt\/ssdeep package.","isdefault":false,"packageid":45530,"use":"fuzzyhash"},{"description":"Pull in dev-libs\/geoip for use by the SecGeoLookupDb directive.","isdefault":false,"packageid":45530,"use":"geoip"},{"description":"Add support for the PCRE Just-in-Time optimisation, as enabled by dev-libs\/libpcre2 with jit USE flag enabled. Might not be available on hardened systems.","isdefault":false,"packageid":45530,"use":"jit"},{"description":"Suppose JSON in the request body parser through dev-libs\/yajl.","isdefault":false,"packageid":45530,"use":"json"},{"description":"Enable Lua scripting support","isdefault":false,"use":"lua"},{"description":"Build and install the ModSecurity Audit Log Collector (mlogc).","isdefault":false,"packageid":45530,"use":"mlogc"},{"description":"Build for Lua 5.1 only","group":"lua_single_target","isdefault":false,"use":"lua5-1"},{"description":"Build for Lua 5.3 only","group":"lua_single_target","isdefault":false,"use":"lua5-3"}]}