Hello, The following patch adds the ModSecurity connector module to nginx. This module uses my previously sent libmodsecurity.
By moving the module sources into the nginx source directory in the pre-patch stage, the configure run accepts the libmodsecurity with 0.0 as version without any real patching of the connector module itself. I'm not sure, if the pseudo flavor for this is really needed. Greetings, Matthias -------------------------------------------------------------------------------- diff --git a/www/nginx/Makefile b/www/nginx/Makefile index 7fce24d..6546604 100644 --- a/www/nginx/Makefile +++ b/www/nginx/Makefile @@ -15,12 +15,14 @@ COMMENT-headers_more= nginx module for setting/adding/clearing headers COMMENT-perl= nginx perl scripting module COMMENT-passenger= nginx passenger (ruby/python/nodejs) integration module COMMENT-rtmp= nginx module for RTMP streaming +COMMENT-modsecurity3= nginx module for ModSecurity VERSION= 1.18.0 DISTNAME= nginx-${VERSION} CATEGORIES= www VERSION-rtmp= 1.2.1 +VERSION-modsecurity3= 1.0.1 PKGNAME-main= ${DISTNAME} PKGNAME-image_filter= nginx-image_filter-${VERSION} @@ -35,6 +37,7 @@ PKGNAME-headers_more= nginx-headers-more-${VERSION} PKGNAME-perl= nginx-perl-${VERSION} PKGNAME-passenger= nginx-passenger-${VERSION} PKGNAME-rtmp= nginx-rtmp-${VERSION} +PKGNAME-modsecurity3= nginx-modsecurity3-${VERSION} REVISION-xslt= 0 ONLY_FOR_ARCHS-passenger= aarch64 amd64 arm i386 @@ -52,7 +55,8 @@ _GH_MODS= \ kvspb nginx-auth-ldap 83c059b73566c2ee9cbda920d91b66657cf120b7 \ arut nginx-rtmp-module v${VERSION-rtmp} \ simpl ngx_devel_kit v0.3.0 \ - leev ngx_http_geoip2_module 3.3 + leev ngx_http_geoip2_module 3.3 \ + SpiderLabs ModSecurity-nginx v${VERSION-modsecurity3} .for _a _p _c in ${_GH_MODS} DISTFILES+= ${_p}-{${_a}/${_p}/archive/}${_c}.tar.gz:0 @@ -68,10 +72,11 @@ PERMIT_PACKAGE= Yes MULTI_PACKAGES = -main -naxsi -perl ${MODULE_PACKAGES} MODULE_PACKAGES = -image_filter -geoip2 -xslt -mailproxy -stream \ - -passenger -headers_more -ldap_auth -lua -rtmp + -passenger -headers_more -ldap_auth -lua -rtmp \ + -modsecurity3 FLAVOR ?= -PSEUDO_FLAVORS = no_lua no_passenger +PSEUDO_FLAVORS = no_lua no_passenger no_modsecurity3 COMPILER = base-clang ports-gcc base-gcc @@ -90,6 +95,7 @@ WANTLIB-lua= ${MODLUA_WANTLIB} m WANTLIB-headers_more= WANTLIB-perl= c m perl WANTLIB-passenger= m pthread ${COMPILER_LIBCXX} +WANTLIB-modsecurity3= modsecurity LIB_DEPENDS-main= devel/pcre LIB_DEPENDS-xslt= textproc/libxml \ @@ -99,6 +105,7 @@ LIB_DEPENDS-geoip2= net/libmaxminddb LIB_DEPENDS-ldap_auth= databases/openldap LIB_DEPENDS-lua= ${MODLUA_LIB_DEPENDS} LIB_DEPENDS-rtmp= +LIB_DEPENDS-modsecurity3= security/libmodsecurity MODLUA_RUNDEP= No RUN_DEPENDS= www/nginx,-main=${VERSION} @@ -146,6 +153,12 @@ CONFIGURE_ARGS+= --add-dynamic-module=${LOCALBASE}/lib/phusion-passenger${GEM_BI CONFIGURE_ARGS+= --add-dynamic-module=${WRKDIR}/nginx-rtmp-module-${VERSION-rtmp}/ .endif +.if ${BUILD_PACKAGES:M-modsecurity3} +CONFIGURE_ENV+= MODSECURITY_LIB=${PREFIX}/lib \ + MODSECURITY_INC=${PREFIX}/include/modsecurity +CONFIGURE_ARGS+= --add-dynamic-module=${WRKSRC}/ModSecurity-nginx +.endif + CONFIGURE_ARGS+= --prefix=${NGINX_DIR} \ --conf-path=${SYSCONFDIR}/nginx/nginx.conf \ --sbin-path=${PREFIX}/sbin/nginx \ @@ -188,7 +201,7 @@ ALL_TARGET= pre-patch: .for i in headers-more-nginx-module lua-nginx-module naxsi \ - nginx-auth-ldap ngx_devel_kit ngx_http_geoip2_module + nginx-auth-ldap ngx_devel_kit ngx_http_geoip2_module ModSecurity-nginx cd ${WRKSRC} && mv ../$i-* $i .endfor diff --git a/www/nginx/distinfo b/www/nginx/distinfo index 607c62e..bb696de 100644 --- a/www/nginx/distinfo +++ b/www/nginx/distinfo @@ -1,3 +1,4 @@ +SHA256 (ModSecurity-nginx-v1.0.1.tar.gz) = yWmnhlm7R8hJKd4LmtwfjFEqUeyd07Fiy1aK4ijT1Z4= SHA256 (headers-more-nginx-module-v0.33.tar.gz) = o9y6sRepwQO8HqUgD8AKe30q+X/3/VJfFvisJjLjD78= SHA256 (lua-nginx-module-v0.10.11.tar.gz) = wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY= SHA256 (naxsi-0.55.3.tar.gz) = CzyV0lB3Lcia2LSeR8HgJMWuLHbAz/pEXp/gXE3RNJU= @@ -7,6 +8,7 @@ SHA256 (nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) = aQxOW SHA256 (nginx-rtmp-module-v1.2.1.tar.gz) = h6pZdACwtaBSdO4tI9jLgiThJoYiegq+MdeDs6ZF6jc= SHA256 (ngx_devel_kit-v0.3.0.tar.gz) = iOBamainQZBm9a51lm+x78QJutRSLRSYbaB0VUrmFhk= SHA256 (ngx_http_geoip2_module-3.3.tar.gz) = QTeEOMgz4xOhiGnQxKcnBLSDXDCsr3/WgBOrZzL/eKc= +SIZE (ModSecurity-nginx-v1.0.1.tar.gz) = 31920 SIZE (headers-more-nginx-module-v0.33.tar.gz) = 28130 SIZE (lua-nginx-module-v0.10.11.tar.gz) = 616653 SIZE (naxsi-0.55.3.tar.gz) = 187416 diff --git a/www/nginx/pkg/DESCR-modsecurity3 b/www/nginx/pkg/DESCR-modsecurity3 new file mode 100644 index 0000000..cdf9b58 --- /dev/null +++ b/www/nginx/pkg/DESCR-modsecurity3 @@ -0,0 +1,10 @@ +The ModSecurity-nginx connector is the connection point between Nginx and +libmodsecurity (ModSecurity v3). Said another way, this project provides a +communication channel between Nginx and libmodsecurity. This connector is +required to use LibModSecurity with Nginx. + +The ModSecurity-nginx connector takes the form of an Nginx module. The module +simply serves as a layer of communication between Nginx and ModSecurity. + +Notice that this project depends on libmodsecurity rather than ModSecurity +(version 2.9 or less). diff --git a/www/nginx/pkg/PLIST-modsecurity3 b/www/nginx/pkg/PLIST-modsecurity3 new file mode 100644 index 0000000..d75d428 --- /dev/null +++ b/www/nginx/pkg/PLIST-modsecurity3 @@ -0,0 +1,2 @@ +@comment $OpenBSD: PLIST-modsecurity3,v$ +@so ngx_http_modsecurity_module.so