git: 44fdcb4c710f - main - www/nginx-devel: update third-party naxsi module to 1.5 (+)
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 27 Sep 2023 14:34:51 UTC
The branch main has been updated by osa:
URL: https://cgit.FreeBSD.org/ports/commit/?id=44fdcb4c710f8980f1df24cd426abd4fb8dcf59f
commit 44fdcb4c710f8980f1df24cd426abd4fb8dcf59f
Author: Sergey A. Osokin <osa@FreeBSD.org>
AuthorDate: 2023-09-27 14:30:56 +0000
Commit: Sergey A. Osokin <osa@FreeBSD.org>
CommitDate: 2023-09-27 14:34:40 +0000
www/nginx-devel: update third-party naxsi module to 1.5 (+)
Change the distribution point to GH/wargio due to inactivity
in GH/nbs-system.
Update patches.
Bump PORTREVISION.
---
www/nginx-devel/Makefile | 8 +++++--
www/nginx-devel/Makefile.extmod | 8 ++++---
www/nginx-devel/distinfo | 8 ++++---
.../files/extra-patch-naxsi-libinjection__sqli_c | 13 +++++++++++
www/nginx-devel/files/extra-patch-naxsi_config | 26 ++++++++++++++++++++++
www/nginx-devel/files/extra-patch-naxsi_runtime.c | 23 -------------------
6 files changed, 55 insertions(+), 31 deletions(-)
diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile
index ca52cb1cc231..5533762cbcce 100644
--- a/www/nginx-devel/Makefile
+++ b/www/nginx-devel/Makefile
@@ -1,6 +1,6 @@
PORTNAME?= nginx
PORTVERSION= 1.25.2
-PORTREVISION= 5
+PORTREVISION= 6
CATEGORIES= www
MASTER_SITES= https://nginx.org/download/ \
LOCAL/osa
@@ -265,6 +265,10 @@ pre-everything::
.endif
@${ECHO_MSG}
+post-extract-NAXSI-on:
+ @${RMDIR} ${WRKSRC_naxsi}/naxsi_src/libinjection
+ @${LN} -s ${WRKSRC_libinjection} ${WRKSRC_naxsi}/naxsi_src/libinjection
+
pre-patch-HTTPV3-on:
@${MV} ${WRKSRC}/README ${WRKSRC}/README.1st
@@ -355,7 +359,7 @@ do-install-LINK-on:
do-install-NAXSI-on:
${INSTALL_DATA} \
- ${WRKDIR}/naxsi-${NAXSI_NGINX_VER}/naxsi_config/naxsi_core.rules \
+ ${WRKDIR}/naxsi-${NAXSI_NGINX_VER}/naxsi_rules/naxsi_core.rules \
${STAGEDIR}${ETCDIR}
.endif
diff --git a/www/nginx-devel/Makefile.extmod b/www/nginx-devel/Makefile.extmod
index 3179ad66a4b1..201b688de894 100644
--- a/www/nginx-devel/Makefile.extmod
+++ b/www/nginx-devel/Makefile.extmod
@@ -231,10 +231,12 @@ MODSECURITY3_LIB_DEPENDS= libmodsecurity.so:security/modsecurity3
MODSECURITY3_GH_TUPLE= SpiderLabs:ModSecurity-nginx:v1.0.3:modsecurity3
MODSECURITY3_VARS= DSO_EXTMODS+=modsecurity3
-NAXSI_NGINX_VER= 29793dc
-NAXSI_GH_TUPLE= nbs-system:naxsi:${NAXSI_NGINX_VER}:naxsi
+NAXSI_NGINX_VER= 1.5
+NAXSI_GH_TUPLE= wargio:naxsi:${NAXSI_NGINX_VER}:naxsi \
+ libinjection:libinjection:51f3a96:libinjection
NAXSI_VARS= DSO_EXTMODS+=naxsi NAXSI_SUBDIR=/naxsi_src
-NAXSI_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-naxsi_runtime.c
+NAXSI_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-naxsi-libinjection__sqli_c \
+ ${PATCHDIR}/extra-patch-naxsi_config
NJS_GH_TUPLE= nginx:njs:0.8.1:njs
NJS_VARS= DSO_EXTMODS+=njs NJS_SUBDIR=/nginx
diff --git a/www/nginx-devel/distinfo b/www/nginx-devel/distinfo
index 1f9bf0eafec8..901e2a898680 100644
--- a/www/nginx-devel/distinfo
+++ b/www/nginx-devel/distinfo
@@ -1,4 +1,4 @@
-TIMESTAMP = 1694980577
+TIMESTAMP = 1695822030
SHA256 (nginx-1.25.2.tar.gz) = 05dd6d9356d66a74e61035f2a42162f8c754c97cf1ba64e7a801ba158d6c0711
SIZE (nginx-1.25.2.tar.gz) = 1214903
SHA256 (nginx_mogilefs_module-1.0.4.tar.gz) = 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae
@@ -103,8 +103,10 @@ SHA256 (openresty-memc-nginx-module-v0.19_GH0.tar.gz) = 8c2bdbe875e4f5225d0778bf
SIZE (openresty-memc-nginx-module-v0.19_GH0.tar.gz) = 34654
SHA256 (SpiderLabs-ModSecurity-nginx-v1.0.3_GH0.tar.gz) = 32a42256616cc674dca24c8654397390adff15b888b77eb74e0687f023c8751b
SIZE (SpiderLabs-ModSecurity-nginx-v1.0.3_GH0.tar.gz) = 34063
-SHA256 (nbs-system-naxsi-29793dc_GH0.tar.gz) = 579df0e50ff32464f7bb152df9d93ea18c05c4aa3966ec4d8c603b5dd629be08
-SIZE (nbs-system-naxsi-29793dc_GH0.tar.gz) = 236932
+SHA256 (wargio-naxsi-1.5_GH0.tar.gz) = 811980efb5c227b29763f0d4eb9b6af096c2ebf33519664dc50004ba0bd9ab50
+SIZE (wargio-naxsi-1.5_GH0.tar.gz) = 1115759
+SHA256 (libinjection-libinjection-51f3a96_GH0.tar.gz) = 617090d8afcf3220e9e4ee00a1c76d323ce1b3212f727fc32ee75634848fb014
+SIZE (libinjection-libinjection-51f3a96_GH0.tar.gz) = 2217537
SHA256 (nginx-njs-0.8.1_GH0.tar.gz) = 0450d9652d3cfe7dd9f802d6f790a3616e1612eef447195cd3daa5d43b395881
SIZE (nginx-njs-0.8.1_GH0.tar.gz) = 729780
SHA256 (opentracing-contrib-nginx-opentracing-v0.24.0_GH0.tar.gz) = 5328c5f37e0615b5252aed51b9cd40f3d14989d995ad54134076aeda4ab9b280
diff --git a/www/nginx-devel/files/extra-patch-naxsi-libinjection__sqli_c b/www/nginx-devel/files/extra-patch-naxsi-libinjection__sqli_c
new file mode 100644
index 000000000000..9aeec390a0de
--- /dev/null
+++ b/www/nginx-devel/files/extra-patch-naxsi-libinjection__sqli_c
@@ -0,0 +1,13 @@
+--- ../libinjection-51f3a96/src/libinjection_sqli.c.orig 2023-05-30 15:47:57.333208000 -0400
++++ ../libinjection-51f3a96/src/libinjection_sqli.c 2023-05-30 15:49:52.273873000 -0400
+@@ -305,8 +303,8 @@
+ static void st_assign(stoken_t * st, const char stype,
+ size_t pos, size_t len, const char* value)
+ {
+- const size_t MSIZE = LIBINJECTION_SQLI_TOKEN_SIZE;
+- size_t last = len < MSIZE ? len : (MSIZE - 1);
++ const size_t NAXSI_MSIZE = LIBINJECTION_SQLI_TOKEN_SIZE;
++ size_t last = len < NAXSI_MSIZE ? len : (NAXSI_MSIZE - 1);
+ st->type = (char) stype;
+ st->pos = pos;
+ st->len = last;
diff --git a/www/nginx-devel/files/extra-patch-naxsi_config b/www/nginx-devel/files/extra-patch-naxsi_config
new file mode 100644
index 000000000000..a73cf8f4e085
--- /dev/null
+++ b/www/nginx-devel/files/extra-patch-naxsi_config
@@ -0,0 +1,26 @@
+--- ../naxsi-1.5/naxsi_src/config.orig 2023-09-27 09:43:18.644606000 -0400
++++ ../naxsi-1.5/naxsi_src/config 2023-09-27 09:44:37.585970000 -0400
+@@ -24,11 +24,6 @@
+ "
+
+ # try to use libinjection as system library
+-LIBINJECTION_CFLAGS="$(pkg-config --cflags libinjection)"
+-LIBINJECTION_LIBS="$(pkg-config --libs libinjection)"
+-LIBINJECTION_FOUND="$?"
+-
+-if [ "$LIBINJECTION_FOUND" != "0" ]; then
+ if [ ! -d "$ngx_addon_dir/libinjection/src/" ]; then
+ echo "Cannot find 'libinjection' submodule."
+ exit 1;
+@@ -43,11 +38,6 @@
+ naxsi_sources="$naxsi_sources $ngx_addon_dir/libinjection_ngxbuild/$src_file"
+ done;
+ CFLAGS="$CFLAGS -DLIBINJECTION_VERSION=0 -I$ngx_addon_dir/libinjection_ngxbuild/"
+-else
+- echo "Using system libinjection"
+- CFLAGS="$CFLAGS $LIBINJECTION_CFLAGS"
+- ngx_feature_libs="$LIBINJECTION_LIBS"
+-fi
+
+ # NGINX module condfiguration.
+ ngx_addon_name=naxsi
diff --git a/www/nginx-devel/files/extra-patch-naxsi_runtime.c b/www/nginx-devel/files/extra-patch-naxsi_runtime.c
deleted file mode 100644
index c08dd1f92540..000000000000
--- a/www/nginx-devel/files/extra-patch-naxsi_runtime.c
+++ /dev/null
@@ -1,23 +0,0 @@
---- ../naxsi-29793dc/naxsi_src/naxsi_runtime.c.orig 2022-07-10 18:11:39.685243000 -0400
-+++ ../naxsi-29793dc/naxsi_src/naxsi_runtime.c 2022-07-10 18:14:53.935554000 -0400
-@@ -9,6 +9,11 @@
- #include "naxsi_macros.h"
- #include "naxsi_net.h"
-
-+#if (NGX_PCRE2)
-+#include <pcre2.h>
-+#else
-+#include <pcre.h>
-+#endif
- /* used to store locations during the configuration time.
- then, accessed by the hashtable building feature during "init" time. */
-
-@@ -181,7 +186,7 @@
- unsigned char*
- ngx_utf8_check(ngx_str_t* str);
-
--#if defined nginx_version && (nginx_version >= 1021005)
-+#if (NGX_PCRE2)
- /*
- * variables to use pcre2
- */