The collection is filled with a key-value set where value is the content of
the file which was uploaded. This collection can be used with all supported
operators, however, SecTmpSaveUploadedFiles should be set to 'On' in order
to have this collection filled. Note that @inspectFile is now depending on
SecTmpSaveUploadedFiles. This is necessary to keep performance while such
functionalities where not used.

ssdeep will be used with the @fuzzyHash operator which is under
development

The fuzzyHash operator can be used to match files. In conjuntcion
with FILES_TMP_CONTENT collection it can scan uploaded files and
try to match it with a pre caculated list of know malicious content,
more details on how it works can be found on ssdeep website:
http://ssdeep.sourceforge.net/

Added 30-fuzzyHash.t and the ssdeep hash files. Hash files was generated using
files from ModSecurity repository.

FuzzyHash operator is optional and only installed if the headers for libfuzzy
was found in the system. Otherwise, the FuzzyHash operator is disable during
the compilation. After this commit, if some rules tries to use it, ModSecurity
will produce an runtime error not a config time error, allowing the web server
to procede normal with its operations.

Necessary to fix the build on Win8 VS 2011

As of Automake 1.4, it starts to warning about the lack of utilization
of `subdir-objects' option, which will be default in the further
releases. Avoiding break stuff we are patching ModSecurity to support
such option when it still an option (Issue #760).

After enable `subdir-objects', the variable $(top_srcdir) was not being
resolved, a directory labeled "$(top_srcdir)" was created instead.

Using apr-util installed by Macports results in build failure because apr-util uses BerkeleyDB that MacPorts installs into a subdir of $prefix/lib and $prefix/include (so that multiple versions of BerkeleyDB can be installed simultaneously). apu-1-config's --ldflags output includes the -L/path/to/bdb that's needed.

As reported by Josh Amishav-Zlatin, mlogc was making usage of SSLv3 instead of
TLS 1.2. Servers should not answer SSLv3 after poodle.

Seems like curl versions older than 7.34.0 does not have support for
`CURL_SSLVERSION_TLSv1_2'. In this cases, using CURL_SSLVERSION_TLSv1
which was added at version 7.9.2. ModSecurity demands a curl version
newer than 7.15.1.

If SecServerSignature is used ModSecurity should send the real data, not the
one informed to SecServerSignature.
Originally reported by: Linas

As reported at #714 status calls with long `apache version' name was broken.
DNS queries cannot be so long. This field is now limited to 25 characters
which is a valid size when encoded into base32

On Apache platform the server signature can be replaced using the
SecServerSignature directive. Status call was using the signature informed by
this directive instead of using the original one. As reported at #702.

Conflicts:
	apache2/msc_util.h
	build/find_ssdeep.m4
	iis/Makefile.win
	iis/build_dependencies.bat
	iis/build_modsecurity.bat
	mlogc/mlogc.c
	tests/Makefile.am
	tests/regression/misc/30-fuzzyHash.t