Bug 220353 - www/nginx: Add mod_security v3 support
Summary: www/nginx: Add mod_security v3 support
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Jochen Neumeister
URL:
Keywords: feature, patch
Depends on: 220352
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-29 11:02 UTC by Marius Halden
Modified: 2017-08-19 08:45 UTC (History)
2 users (show)

See Also:
pi: maintainer-feedback? (joneum)


Attachments
nginx-mod_security-devel.diff (2.05 KB, patch)
2017-06-29 11:02 UTC, Marius Halden
no flags Details | Diff
nginx-1.12.1-mod_security-devel.patch (2.33 KB, patch)
2017-07-28 11:23 UTC, Marius Halden
no flags Details | Diff
nginx-1.12.1-mod_security-devel.patch (2.32 KB, patch)
2017-08-02 13:46 UTC, Marius Halden
no flags Details | Diff
modsec-nginx-fix.patch (553 bytes, patch)
2017-08-16 19:56 UTC, Marius Halden
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Marius Halden 2017-06-29 11:02:17 UTC
Created attachment 183907 [details]
nginx-mod_security-devel.diff

Hi,

The attached patch adds support for mod_security version 3 to nginx. ModSecurity v3 is the next version of ModSecurity currently under development. It is developed as a library independent of webservers and can be used from different connectors such as the ModSecurity-nginx module used by this port/patch.

This patch depends on bug #220352 which adds the actual ModSecurity v3 port.

Regards,
Marius
Comment 1 Marius Halden 2017-07-28 11:23:22 UTC
Created attachment 184795 [details]
nginx-1.12.1-mod_security-devel.patch

Updated patch for nginx 1.12.1 is attached.
Comment 2 Kurt Jaeger freebsd_committer 2017-07-28 17:09:30 UTC
testbuilds@work
Comment 3 Kurt Jaeger freebsd_committer 2017-07-28 17:45:37 UTC
Testbuilds OK on 12a, 11.0a, 10.3i
Comment 4 Marius Halden 2017-08-02 13:46:58 UTC
Created attachment 184953 [details]
nginx-1.12.1-mod_security-devel.patch

In the previous patch the modsecurity 3 module was add as a dynamic module instead of a static by mistake. This new patch fixes that.
Comment 5 commit-hook freebsd_committer 2017-08-04 11:05:06 UTC
A commit references this bug:

Author: joneum
Date: Fri Aug  4 11:04:18 UTC 2017
New revision: 447325
URL: https://svnweb.freebsd.org/changeset/ports/447325

Log:
  - Add mod_security v3 support

  This update adds support for mod_security version 3 to nginx.
  ModSecurity v3 is the next version of ModSecurity currently
  under development. It is developed as a library independent of
  webservers and can be used from different connectors such
  as the ModSecurity-nginx module used by this port

  PR:		220353
  Reported by:	Marius Halden <marius.h@lden.org>
  Approved by:	miwi (mentor)
  Differential Revision:	https://reviews.freebsd.org/D11778

Changes:
  head/www/nginx/Makefile
  head/www/nginx/distinfo
Comment 6 Jochen Neumeister freebsd_committer 2017-08-04 11:06:49 UTC
Committed, thanks :-)
Comment 7 Marius Halden 2017-08-16 19:56:37 UTC
Created attachment 185497 [details]
modsec-nginx-fix.patch

Turns out this is actually not solved. The patch was updated before it was committed and the updated patch introduced a typo for GH_ACCOUNT in GH_TUPLE breaking the MODSECURITY_DEVEL option. GH_ACCOUNT should be "SpiderLabs" NOT "SiderLaps" as it currently is. Please see the attached patch, which fixes this and also turns the modsecurity-devel module into a statically linked module instead og a dynamic module.
Comment 8 Marius Halden 2017-08-16 19:58:03 UTC
As mentioned in comment #7 there was introduced an error when the patch was changed.
Comment 9 Jochen Neumeister freebsd_committer 2017-08-16 19:58:53 UTC
ups, thanks for the report.
Comment 10 commit-hook freebsd_committer 2017-08-19 08:44:59 UTC
A commit references this bug:

Author: joneum
Date: Sat Aug 19 08:44:30 UTC 2017
New revision: 448290
URL: https://svnweb.freebsd.org/changeset/ports/448290

Log:
  - www/nginx: set correct GH_TUPLE for modsecurity-devel

  PR:		220353
  Reported by:	Marius Halden <marius.h@lden.org>
  Approved by:	miwi (mentor)
  Differential Revision:	https://reviews.freebsd.org/D12052

Changes:
  head/www/nginx/Makefile