Date: Wednesday, October 26, 2022 @ 22:30:19
Author: mtorromeo
Revision: 1337119
archrelease: copy trunk to community-x86_64
Added:
nginx-mod-naxsi/repos/community-x86_64/PKGBUILD
(from rev 1337111, nginx-mod-naxsi/trunk/PKGBUILD)
nginx-mod-naxsi/repos/community-x86_64/keys/
nginx-mod-naxsi/repos/community-x86_64/pcre2.patch
(from rev 1337113, nginx-mod-naxsi/trunk/pcre2.patch)
Deleted:
nginx-mod-naxsi/repos/community-x86_64/PKGBUILD
nginx-mod-naxsi/repos/community-x86_64/keys/
nginx-mod-naxsi/repos/community-x86_64/pcre2.patch
-------------+
PKGBUILD | 92 +++++++-------
pcre2.patch | 364 +++++++++++++++++++++++++++++-----------------------------
2 files changed, 228 insertions(+), 228 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2022-10-26 22:30:18 UTC (rev 1337118)
+++ PKGBUILD 2022-10-26 22:30:19 UTC (rev 1337119)
@@ -1,46 +0,0 @@
-# Maintainer: Massimiliano Torromeo <[email protected]>
-
-pkgname=nginx-mod-naxsi
-pkgver=1.3
-pkgrel=7
-_modname=naxsi
-pkgdesc='Nginx Anti XSS & SQL Injection'
-arch=('x86_64')
-depends=('nginx')
-makedepends=('nginx-src')
-url="https://github.com/nbs-system/naxsi";
-license=('GPL3')
-backup=('etc/nginx/naxsi_core.rules')
-source=(https://github.com/nbs-system/$_modname/archive/$pkgver/$_modname-$pkgver.tar.gz
- pcre2.patch)
-validpgpkeys=(B0F4253373F8F6F510D42178520A9993A1C052F8) # Maxim Dounin
<[email protected]>
-sha256sums=('439c8677372d2597b4360bbcc10bc86490de1fc75695b193ad5df154a214d628'
- 'd02832f606488f72a3e1dfd1381f157dffcbed44e67563b4c0086d2d806425ef')
-
-prepare() {
- mkdir -p "$srcdir"/build
- cd "$srcdir"/build
-
- ln -sf /usr/src/nginx/auto
- ln -sf /usr/src/nginx/src
-
- # pcre2 patch
- cd "$srcdir"/$_modname-$pkgver
- patch -Np1 < ../pcre2.patch
-}
-
-build() {
- cd "$srcdir"/build
- /usr/src/nginx/configure --with-compat
--add-dynamic-module=../$_modname-$pkgver/naxsi_src
- make modules
-}
-
-package() {
- cd "$srcdir"/build/objs
- for mod in *.so; do
- install -Dm755 "$mod" "$pkgdir/usr/lib/nginx/modules/$mod"
- done
-
- cd "$srcdir"/$_modname-$pkgver
- install -Dm644 naxsi_config/naxsi_core.rules
"$pkgdir"/etc/nginx/naxsi_core.rules
-}
Copied: nginx-mod-naxsi/repos/community-x86_64/PKGBUILD (from rev 1337111,
nginx-mod-naxsi/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2022-10-26 22:30:19 UTC (rev 1337119)
@@ -0,0 +1,46 @@
+# Maintainer: Massimiliano Torromeo <[email protected]>
+
+pkgname=nginx-mod-naxsi
+pkgver=1.3
+pkgrel=8
+_modname=naxsi
+pkgdesc='Nginx Anti XSS & SQL Injection'
+arch=('x86_64')
+depends=('nginx')
+makedepends=('nginx-src')
+url="https://github.com/nbs-system/naxsi";
+license=('GPL3')
+backup=('etc/nginx/naxsi_core.rules')
+source=(https://github.com/nbs-system/$_modname/archive/$pkgver/$_modname-$pkgver.tar.gz
+ pcre2.patch)
+validpgpkeys=(B0F4253373F8F6F510D42178520A9993A1C052F8) # Maxim Dounin
<[email protected]>
+sha256sums=('439c8677372d2597b4360bbcc10bc86490de1fc75695b193ad5df154a214d628'
+ 'd02832f606488f72a3e1dfd1381f157dffcbed44e67563b4c0086d2d806425ef')
+
+prepare() {
+ mkdir -p "$srcdir"/build
+ cd "$srcdir"/build
+
+ ln -sf /usr/src/nginx/auto
+ ln -sf /usr/src/nginx/src
+
+ # pcre2 patch
+ cd "$srcdir"/$_modname-$pkgver
+ patch -Np1 < ../pcre2.patch
+}
+
+build() {
+ cd "$srcdir"/build
+ /usr/src/nginx/configure --with-compat
--add-dynamic-module=../$_modname-$pkgver/naxsi_src
+ make modules
+}
+
+package() {
+ cd "$srcdir"/build/objs
+ for mod in *.so; do
+ install -Dm755 "$mod" "$pkgdir/usr/lib/nginx/modules/$mod"
+ done
+
+ cd "$srcdir"/$_modname-$pkgver
+ install -Dm644 naxsi_config/naxsi_core.rules
"$pkgdir"/etc/nginx/naxsi_core.rules
+}
Deleted: pcre2.patch
===================================================================
--- pcre2.patch 2022-10-26 22:30:18 UTC (rev 1337118)
+++ pcre2.patch 2022-10-26 22:30:19 UTC (rev 1337119)
@@ -1,182 +0,0 @@
-diff --git a/naxsi_src/naxsi.h b/naxsi_src/naxsi.h
-index 0f61d95..d7ce716 100644
---- a/naxsi_src/naxsi.h
-+++ b/naxsi_src/naxsi.h
-@@ -19,7 +19,6 @@
- #include <ngx_http.h>
- #include <ngx_http_core_module.h>
- #include <ngx_md5.h>
--#include <pcre.h>
-
- extern ngx_module_t ngx_http_naxsi_module;
-
-@@ -497,6 +496,17 @@ typedef struct ngx_http_nx_json_s
- #define LIBINJ_SQL_T "d:libinj_sql"
- #define NEGATIVE_T "negative"
-
-+#if defined nginx_version && (nginx_version >= 1021005)
-+// after 1.21.5 NGX_REGEX_MULTILINE is present.
-+#define NAXSI_REGEX_OPTIONS (NGX_REGEX_CASELESS | NGX_REGEX_MULTILINE)
-+#else
-+#if (NGX_PCRE2)
-+#define NAXSI_REGEX_OPTIONS (PCRE2_CASELESS | PCRE2_MULTILINE)
-+#else
-+#define NAXSI_REGEX_OPTIONS (PCRE_CASELESS | PCRE_MULTILINE)
-+#endif
-+#endif
-+
- /*
- ** name of hardcoded variables to
- ** change behavior of naxsi at runtime
-diff --git a/naxsi_src/naxsi_config.c b/naxsi_src/naxsi_config.c
-index 4ea1556..4b5b3cd 100644
---- a/naxsi_src/naxsi_config.c
-+++ b/naxsi_src/naxsi_config.c
-@@ -323,7 +323,7 @@ naxsi_zone(ngx_conf_t* r, ngx_str_t* tmp, ngx_http_rule_t*
rule)
- custom_rule->target_rx = ngx_pcalloc(r->pool,
sizeof(ngx_regex_compile_t));
- return_value_if(!custom_rule->target_rx, NGX_CONF_ERROR);
-
-- custom_rule->target_rx->options = PCRE_CASELESS | PCRE_MULTILINE;
-+ custom_rule->target_rx->options = NAXSI_REGEX_OPTIONS;
- custom_rule->target_rx->pattern = custom_rule->target;
- custom_rule->target_rx->pool = r->pool;
- custom_rule->target_rx->err.len = 0;
-@@ -442,7 +442,8 @@ naxsi_rx(ngx_conf_t* r, ngx_str_t* tmp, ngx_http_rule_t*
rule)
- ha.len = tmp->len - strlen(RX_T);
- rgc = ngx_pcalloc(r->pool, sizeof(ngx_regex_compile_t));
- return_value_if(!rgc, NGX_CONF_ERROR);
-- rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
-+
-+ rgc->options = NAXSI_REGEX_OPTIONS;
- rgc->pattern = ha;
- rgc->pool = r->pool;
- rgc->err.len = 0;
-diff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c
-index eccdce3..eff5390 100644
---- a/naxsi_src/naxsi_runtime.c
-+++ b/naxsi_src/naxsi_runtime.c
-@@ -181,6 +181,75 @@ ngx_http_naxsi_rawbody_parse(ngx_http_request_ctx_t* ctx,
- unsigned char*
- ngx_utf8_check(ngx_str_t* str);
-
-+#if defined nginx_version && (nginx_version >= 1021005)
-+/*
-+ * variables to use pcre2
-+ */
-+static pcre2_match_data *ngx_pcre2_match_data;
-+static ngx_uint_t ngx_pcre2_match_data_size;
-+
-+/*
-+ * helper function to use pcre2
-+ */
-+ngx_int_t
-+ngx_pcre2_exec(ngx_regex_t *re, unsigned char* str, unsigned int len,
ngx_int_t tmp_idx, int *captures, ngx_uint_t size)
-+{
-+ size_t *ov;
-+ ngx_int_t rc;
-+ ngx_uint_t n, i;
-+
-+ /*
-+ * The pcre2_match() function might allocate memory for backtracking
-+ * frames, typical allocations are from 40k and above. So the allocator
-+ * is configured to do direct allocations from heap during matching.
-+ */
-+
-+ if (ngx_pcre2_match_data == NULL
-+ || size > ngx_pcre2_match_data_size)
-+ {
-+ /*
-+ * Allocate a match data if not yet allocated or smaller than
-+ * needed.
-+ */
-+
-+ if (ngx_pcre2_match_data) {
-+ pcre2_match_data_free(ngx_pcre2_match_data);
-+ }
-+
-+ ngx_pcre2_match_data_size = size;
-+ ngx_pcre2_match_data = pcre2_match_data_create(size / 3, NULL);
-+
-+ if (ngx_pcre2_match_data == NULL) {
-+ rc = PCRE2_ERROR_NOMEMORY;
-+ goto failed;
-+ }
-+ }
-+
-+ rc = pcre2_match(re, str, len, tmp_idx, 0, ngx_pcre2_match_data, NULL);
-+
-+ if (rc < 0) {
-+ goto failed;
-+ }
-+
-+ n = pcre2_get_ovector_count(ngx_pcre2_match_data);
-+ ov = pcre2_get_ovector_pointer(ngx_pcre2_match_data);
-+
-+ if (n > size / 3) {
-+ n = size / 3;
-+ }
-+
-+ for (i = 0; i < n; i++) {
-+ captures[i * 2] = ov[i * 2];
-+ captures[i * 2 + 1] = ov[i * 2 + 1];
-+ }
-+
-+failed:
-+
-+ return rc;
-+
-+}
-+#endif
-+
- /*
- ** in : string to inspect, associated rule
- ** does : apply the rule on the string, return 1 if matched,
-@@ -201,7 +270,14 @@ ngx_http_process_basic_rule_buffer(ngx_str_t* str,
ngx_http_rule_t* rl, ngx_int_
- tmp_idx = 0;
- len = str->len;
- while
--#if defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
-+#if (NGX_PCRE2)
-+ (tmp_idx < len && (match = ngx_pcre2_exec(rl->br->rx->regex,
-+ str->data,
-+ str->len,
-+ tmp_idx,
-+ captures,
-+ 30)) >= 0)
-+#elif defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
- (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
- 0,
- (const char*)str->data,
-@@ -496,7 +572,9 @@ ngx_http_naxsi_pcre_wrapper(ngx_regex_compile_t* rx,
unsigned char* str, unsigne
- int match;
- int captures[30];
-
--#if defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
-+#if (NGX_PCRE2)
-+ match = ngx_pcre2_exec(rx->regex, str, len, 0, captures, 1);
-+#elif defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
- match = pcre_exec(rx->regex->code, 0, (const char*)str, len, 0, 0,
captures, 1);
- #elif defined nginx_version && (nginx_version > 1001011)
- match = pcre_exec(rx->regex->pcre, 0, (const char*)str, len, 0, 0,
captures, 1);
-diff --git a/naxsi_src/naxsi_utils.c b/naxsi_src/naxsi_utils.c
-index 445c487..d357617 100644
---- a/naxsi_src/naxsi_utils.c
-+++ b/naxsi_src/naxsi_utils.c
-@@ -800,7 +800,7 @@
ngx_http_naxsi_create_hashtables_n(ngx_http_naxsi_loc_conf_t* dlc, ngx_conf_t* c
- ngx_pcalloc(cf->pool, sizeof(ngx_regex_compile_t));
- rgc =
custloc_array(curr_r->br->custom_locations->elts)[name_idx].target_rx;
- if (rgc) {
-- rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
-+ rgc->options = NAXSI_REGEX_OPTIONS;
- rgc->pattern =
custloc_array(curr_r->br->custom_locations->elts)[name_idx].target;
- rgc->pool = cf->pool;
- rgc->err.len = 0;
-@@ -816,7 +816,7 @@
ngx_http_naxsi_create_hashtables_n(ngx_http_naxsi_loc_conf_t* dlc, ngx_conf_t* c
- ngx_pcalloc(cf->pool, sizeof(ngx_regex_compile_t));
- rgc =
custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target_rx;
- if (rgc) {
-- rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
-+ rgc->options = NAXSI_REGEX_OPTIONS;
- rgc->pattern =
custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target;
- rgc->pool = cf->pool;
- rgc->err.len = 0;
Copied: nginx-mod-naxsi/repos/community-x86_64/pcre2.patch (from rev 1337113,
nginx-mod-naxsi/trunk/pcre2.patch)
===================================================================
--- pcre2.patch (rev 0)
+++ pcre2.patch 2022-10-26 22:30:19 UTC (rev 1337119)
@@ -0,0 +1,182 @@
+diff --git a/naxsi_src/naxsi.h b/naxsi_src/naxsi.h
+index 0f61d95..d7ce716 100644
+--- a/naxsi_src/naxsi.h
++++ b/naxsi_src/naxsi.h
+@@ -19,7 +19,6 @@
+ #include <ngx_http.h>
+ #include <ngx_http_core_module.h>
+ #include <ngx_md5.h>
+-#include <pcre.h>
+
+ extern ngx_module_t ngx_http_naxsi_module;
+
+@@ -497,6 +496,17 @@ typedef struct ngx_http_nx_json_s
+ #define LIBINJ_SQL_T "d:libinj_sql"
+ #define NEGATIVE_T "negative"
+
++#if defined nginx_version && (nginx_version >= 1021005)
++// after 1.21.5 NGX_REGEX_MULTILINE is present.
++#define NAXSI_REGEX_OPTIONS (NGX_REGEX_CASELESS | NGX_REGEX_MULTILINE)
++#else
++#if (NGX_PCRE2)
++#define NAXSI_REGEX_OPTIONS (PCRE2_CASELESS | PCRE2_MULTILINE)
++#else
++#define NAXSI_REGEX_OPTIONS (PCRE_CASELESS | PCRE_MULTILINE)
++#endif
++#endif
++
+ /*
+ ** name of hardcoded variables to
+ ** change behavior of naxsi at runtime
+diff --git a/naxsi_src/naxsi_config.c b/naxsi_src/naxsi_config.c
+index 4ea1556..4b5b3cd 100644
+--- a/naxsi_src/naxsi_config.c
++++ b/naxsi_src/naxsi_config.c
+@@ -323,7 +323,7 @@ naxsi_zone(ngx_conf_t* r, ngx_str_t* tmp, ngx_http_rule_t*
rule)
+ custom_rule->target_rx = ngx_pcalloc(r->pool,
sizeof(ngx_regex_compile_t));
+ return_value_if(!custom_rule->target_rx, NGX_CONF_ERROR);
+
+- custom_rule->target_rx->options = PCRE_CASELESS | PCRE_MULTILINE;
++ custom_rule->target_rx->options = NAXSI_REGEX_OPTIONS;
+ custom_rule->target_rx->pattern = custom_rule->target;
+ custom_rule->target_rx->pool = r->pool;
+ custom_rule->target_rx->err.len = 0;
+@@ -442,7 +442,8 @@ naxsi_rx(ngx_conf_t* r, ngx_str_t* tmp, ngx_http_rule_t*
rule)
+ ha.len = tmp->len - strlen(RX_T);
+ rgc = ngx_pcalloc(r->pool, sizeof(ngx_regex_compile_t));
+ return_value_if(!rgc, NGX_CONF_ERROR);
+- rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
++
++ rgc->options = NAXSI_REGEX_OPTIONS;
+ rgc->pattern = ha;
+ rgc->pool = r->pool;
+ rgc->err.len = 0;
+diff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c
+index eccdce3..eff5390 100644
+--- a/naxsi_src/naxsi_runtime.c
++++ b/naxsi_src/naxsi_runtime.c
+@@ -181,6 +181,75 @@ ngx_http_naxsi_rawbody_parse(ngx_http_request_ctx_t* ctx,
+ unsigned char*
+ ngx_utf8_check(ngx_str_t* str);
+
++#if defined nginx_version && (nginx_version >= 1021005)
++/*
++ * variables to use pcre2
++ */
++static pcre2_match_data *ngx_pcre2_match_data;
++static ngx_uint_t ngx_pcre2_match_data_size;
++
++/*
++ * helper function to use pcre2
++ */
++ngx_int_t
++ngx_pcre2_exec(ngx_regex_t *re, unsigned char* str, unsigned int len,
ngx_int_t tmp_idx, int *captures, ngx_uint_t size)
++{
++ size_t *ov;
++ ngx_int_t rc;
++ ngx_uint_t n, i;
++
++ /*
++ * The pcre2_match() function might allocate memory for backtracking
++ * frames, typical allocations are from 40k and above. So the allocator
++ * is configured to do direct allocations from heap during matching.
++ */
++
++ if (ngx_pcre2_match_data == NULL
++ || size > ngx_pcre2_match_data_size)
++ {
++ /*
++ * Allocate a match data if not yet allocated or smaller than
++ * needed.
++ */
++
++ if (ngx_pcre2_match_data) {
++ pcre2_match_data_free(ngx_pcre2_match_data);
++ }
++
++ ngx_pcre2_match_data_size = size;
++ ngx_pcre2_match_data = pcre2_match_data_create(size / 3, NULL);
++
++ if (ngx_pcre2_match_data == NULL) {
++ rc = PCRE2_ERROR_NOMEMORY;
++ goto failed;
++ }
++ }
++
++ rc = pcre2_match(re, str, len, tmp_idx, 0, ngx_pcre2_match_data, NULL);
++
++ if (rc < 0) {
++ goto failed;
++ }
++
++ n = pcre2_get_ovector_count(ngx_pcre2_match_data);
++ ov = pcre2_get_ovector_pointer(ngx_pcre2_match_data);
++
++ if (n > size / 3) {
++ n = size / 3;
++ }
++
++ for (i = 0; i < n; i++) {
++ captures[i * 2] = ov[i * 2];
++ captures[i * 2 + 1] = ov[i * 2 + 1];
++ }
++
++failed:
++
++ return rc;
++
++}
++#endif
++
+ /*
+ ** in : string to inspect, associated rule
+ ** does : apply the rule on the string, return 1 if matched,
+@@ -201,7 +270,14 @@ ngx_http_process_basic_rule_buffer(ngx_str_t* str,
ngx_http_rule_t* rl, ngx_int_
+ tmp_idx = 0;
+ len = str->len;
+ while
+-#if defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
++#if (NGX_PCRE2)
++ (tmp_idx < len && (match = ngx_pcre2_exec(rl->br->rx->regex,
++ str->data,
++ str->len,
++ tmp_idx,
++ captures,
++ 30)) >= 0)
++#elif defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
+ (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
+ 0,
+ (const char*)str->data,
+@@ -496,7 +572,9 @@ ngx_http_naxsi_pcre_wrapper(ngx_regex_compile_t* rx,
unsigned char* str, unsigne
+ int match;
+ int captures[30];
+
+-#if defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
++#if (NGX_PCRE2)
++ match = ngx_pcre2_exec(rx->regex, str, len, 0, captures, 1);
++#elif defined nginx_version && (nginx_version >= 1002002 && nginx_version !=
1003000)
+ match = pcre_exec(rx->regex->code, 0, (const char*)str, len, 0, 0,
captures, 1);
+ #elif defined nginx_version && (nginx_version > 1001011)
+ match = pcre_exec(rx->regex->pcre, 0, (const char*)str, len, 0, 0,
captures, 1);
+diff --git a/naxsi_src/naxsi_utils.c b/naxsi_src/naxsi_utils.c
+index 445c487..d357617 100644
+--- a/naxsi_src/naxsi_utils.c
++++ b/naxsi_src/naxsi_utils.c
+@@ -800,7 +800,7 @@
ngx_http_naxsi_create_hashtables_n(ngx_http_naxsi_loc_conf_t* dlc, ngx_conf_t* c
+ ngx_pcalloc(cf->pool, sizeof(ngx_regex_compile_t));
+ rgc =
custloc_array(curr_r->br->custom_locations->elts)[name_idx].target_rx;
+ if (rgc) {
+- rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
++ rgc->options = NAXSI_REGEX_OPTIONS;
+ rgc->pattern =
custloc_array(curr_r->br->custom_locations->elts)[name_idx].target;
+ rgc->pool = cf->pool;
+ rgc->err.len = 0;
+@@ -816,7 +816,7 @@
ngx_http_naxsi_create_hashtables_n(ngx_http_naxsi_loc_conf_t* dlc, ngx_conf_t* c
+ ngx_pcalloc(cf->pool, sizeof(ngx_regex_compile_t));
+ rgc =
custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target_rx;
+ if (rgc) {
+- rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
++ rgc->options = NAXSI_REGEX_OPTIONS;
+ rgc->pattern =
custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target;
+ rgc->pool = cf->pool;
+ rgc->err.len = 0;
