220353 – www/nginx: Add mod_security v3 support

Bug 220353 - www/nginx: Add mod_security v3 support

Summary: www/nginx: Add mod_security v3 support

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Jochen Neumeister

URL:
Keywords:	feature, patch

Depends on:	220352
Blocks:
	Show dependency tree / graph

Reported:	2017-06-29 11:02 UTC by Marius Halden
Modified:	2017-08-19 08:45 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	pi: maintainer-feedback? (joneum)

Attachments
nginx-mod_security-devel.diff (2.05 KB, patch) 2017-06-29 11:02 UTC, Marius Halden	no flags	Details \| Diff
nginx-1.12.1-mod_security-devel.patch (2.33 KB, patch) 2017-07-28 11:23 UTC, Marius Halden	no flags	Details \| Diff
nginx-1.12.1-mod_security-devel.patch (2.32 KB, patch) 2017-08-02 13:46 UTC, Marius Halden	no flags	Details \| Diff
modsec-nginx-fix.patch (553 bytes, patch) 2017-08-16 19:56 UTC, Marius Halden	no flags	Details \| Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marius Halden 2017-06-29 11:02:17 UTC

Created attachment 183907 [details]
nginx-mod_security-devel.diff

Hi,

The attached patch adds support for mod_security version 3 to nginx. ModSecurity v3 is the next version of ModSecurity currently under development. It is developed as a library independent of webservers and can be used from different connectors such as the ModSecurity-nginx module used by this port/patch.

This patch depends on bug #220352 which adds the actual ModSecurity v3 port.

Regards,
Marius

Comment 1 Marius Halden 2017-07-28 11:23:22 UTC

Created attachment 184795 [details]
nginx-1.12.1-mod_security-devel.patch

Updated patch for nginx 1.12.1 is attached.

Comment 2 Kurt Jaeger freebsd_committer

2017-07-28 17:09:30 UTC

testbuilds@work

Comment 3 Kurt Jaeger freebsd_committer

2017-07-28 17:45:37 UTC

Testbuilds OK on 12a, 11.0a, 10.3i

Comment 4 Marius Halden 2017-08-02 13:46:58 UTC

Created attachment 184953 [details]
nginx-1.12.1-mod_security-devel.patch

In the previous patch the modsecurity 3 module was add as a dynamic module instead of a static by mistake. This new patch fixes that.

Comment 5 commit-hook freebsd_committer

2017-08-04 11:05:06 UTC

A commit references this bug:

Author: joneum
Date: Fri Aug  4 11:04:18 UTC 2017
New revision: 447325
URL: https://svnweb.freebsd.org/changeset/ports/447325

Log:
  - Add mod_security v3 support

  This update adds support for mod_security version 3 to nginx.
  ModSecurity v3 is the next version of ModSecurity currently
  under development. It is developed as a library independent of
  webservers and can be used from different connectors such
  as the ModSecurity-nginx module used by this port

  PR:		220353
  Reported by:	Marius Halden <marius.h@lden.org>
  Approved by:	miwi (mentor)
  Differential Revision:	https://reviews.freebsd.org/D11778

Changes:
  head/www/nginx/Makefile
  head/www/nginx/distinfo

Comment 6 Jochen Neumeister freebsd_committer

2017-08-04 11:06:49 UTC

Committed, thanks :-)

Comment 7 Marius Halden 2017-08-16 19:56:37 UTC

Created attachment 185497 [details]
modsec-nginx-fix.patch

Turns out this is actually not solved. The patch was updated before it was committed and the updated patch introduced a typo for GH_ACCOUNT in GH_TUPLE breaking the MODSECURITY_DEVEL option. GH_ACCOUNT should be "SpiderLabs" NOT "SiderLaps" as it currently is. Please see the attached patch, which fixes this and also turns the modsecurity-devel module into a statically linked module instead og a dynamic module.

Comment 8 Marius Halden 2017-08-16 19:58:03 UTC

As mentioned in comment #7 there was introduced an error when the patch was changed.

Comment 9 Jochen Neumeister freebsd_committer

2017-08-16 19:58:53 UTC

ups, thanks for the report.

Comment 10 commit-hook freebsd_committer

2017-08-19 08:44:59 UTC

A commit references this bug:

Author: joneum
Date: Sat Aug 19 08:44:30 UTC 2017
New revision: 448290
URL: https://svnweb.freebsd.org/changeset/ports/448290

Log:
  - www/nginx: set correct GH_TUPLE for modsecurity-devel

  PR:		220353
  Reported by:	Marius Halden <marius.h@lden.org>
  Approved by:	miwi (mentor)
  Differential Revision:	https://reviews.freebsd.org/D12052

Changes:
  head/www/nginx/Makefile