[Buildroot] [PATCH 1/2] libmodescurity: new package

[Buildroot] [PATCH 1/2] libmodescurity: new package

[Frank Vanbever]

Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
---
 DEVELOPERS                                    |  3 +
 package/Config.in                             |  1 +
 ...-CANONICAL_HOST-cannot-be-determined.patch | 31 ++++++++++
 ...test-for-uClinux-in-configure-script.patch | 28 +++++++++
 package/libmodsecurity/Config.in              | 14 +++++
 package/libmodsecurity/libmodsecurity.hash    |  4 ++
 package/libmodsecurity/libmodsecurity.mk      | 59 +++++++++++++++++++
 7 files changed, 140 insertions(+)
 create mode 100644 package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
 create mode 100644 package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch
 create mode 100644 package/libmodsecurity/Config.in
 create mode 100644 package/libmodsecurity/libmodsecurity.hash
 create mode 100644 package/libmodsecurity/libmodsecurity.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index 80843dd1a1..534f4d746c 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -955,6 +955,9 @@ F:	package/ucl/
 F:	package/upx/
 F:	package/zxing-cpp/
 
+N:	Frank Vanbever <frank.vanbever@essensium.com>
+F:	package/libmodsecurity/
+
 N:	Ga?l Portay <gael.portay@collabora.com>
 F:	package/qt5/qt5virtualkeyboard/
 F:	package/qt5/qt5webengine/
diff --git a/package/Config.in b/package/Config.in
index 873a592d64..190cc4217c 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2032,6 +2032,7 @@ menu "Networking applications"
 	source "package/leafnode2/Config.in"
 	source "package/lft/Config.in"
 	source "package/lftp/Config.in"
+	source "package/libmodsecurity/Config.in"
 	source "package/lighttpd/Config.in"
 	source "package/linknx/Config.in"
 	source "package/links/Config.in"
diff --git a/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch b/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
new file mode 100644
index 0000000000..d725d136ff
--- /dev/null
+++ b/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
@@ -0,0 +1,31 @@
+From 0832208360aab69fbaec76225db67801840a33fe Mon Sep 17 00:00:00 2001
+From: Frank Vanbever <frank.vanbever@essensium.com>
+Date: Fri, 10 Jan 2020 11:14:43 +0100
+Subject: [PATCH] Fail when CANONICAL_HOST cannot be determined
+
+When the CANONICAL_HOST is unknown the configure script exits
+with exit code 0 even though no makefile was produced.
+
+patch was submitted upstream: https://github.com/SpiderLabs/ModSecurity/pull/2235
+
+Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 95e48843..5e6971f4 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -193,7 +193,7 @@ case $host in
+     ;;
+        *)
+     echo "Unknown CANONICAL_HOST $host"
+-    exit
++    exit 1
+     ;;
+ esac
+ 
+-- 
+2.20.1
+
diff --git a/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch b/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch
new file mode 100644
index 0000000000..73022f31f2
--- /dev/null
+++ b/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch
@@ -0,0 +1,28 @@
+From 13c505e30474c919ed9ae552e459769c456da21e Mon Sep 17 00:00:00 2001
+From: Frank Vanbever <frank.vanbever@essensium.com>
+Date: Fri, 10 Jan 2020 11:24:43 +0100
+Subject: [PATCH] test for uClinux in configure script
+
+patch was submitted upstream: https://github.com/SpiderLabs/ModSecurity/pull/2235
+
+Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5e6971f4..51d38071 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -156,7 +156,7 @@ case $host in
+     AC_DEFINE([MACOSX], [1], [Define if the operating system is Macintosh OSX])
+     PLATFORM="MacOSX"
+     ;;
+-  *-*-linux*)
++  *-*-linux* | *-*uclinux*)
+     echo "Checking platform... Identified as Linux"
+     AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
+     PLATFORM="Linux"
+-- 
+2.20.1
+
diff --git a/package/libmodsecurity/Config.in b/package/libmodsecurity/Config.in
new file mode 100644
index 0000000000..ddd4170945
--- /dev/null
+++ b/package/libmodsecurity/Config.in
@@ -0,0 +1,14 @@
+config BR2_PACKAGE_LIBMODSECURITY
+	bool "libmodsecurity"
+	select BR2_PACKAGE_PCRE
+	help
+	  Libmodsecurity is one component of the ModSecurity
+	  v3 project. The library codebase serves as an
+	  interface to ModSecurity Connectors taking in web
+	  traffic and applying traditional ModSecurity
+	  processing. In general, it provides the capability
+	  to load/interpret rules written in the ModSecurity
+	  SecRules format and apply them to HTTP content
+	  provided by your application via Connectors.
+
+	  https://github.com/SpiderLabs/ModSecurity
diff --git a/package/libmodsecurity/libmodsecurity.hash b/package/libmodsecurity/libmodsecurity.hash
new file mode 100644
index 0000000000..29c0a079fe
--- /dev/null
+++ b/package/libmodsecurity/libmodsecurity.hash
@@ -0,0 +1,4 @@
+# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.3/modsecurity-v3.0.3.tar.gz.sha256
+sha256 8aa1300105d8cc23315a5e54421192bc617a66246ad004bd89e67c232208d0f4  modsecurity-v3.0.3.tar.gz
+# Localy calculated
+sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4  LICENSE
diff --git a/package/libmodsecurity/libmodsecurity.mk b/package/libmodsecurity/libmodsecurity.mk
new file mode 100644
index 0000000000..991402057d
--- /dev/null
+++ b/package/libmodsecurity/libmodsecurity.mk
@@ -0,0 +1,59 @@
+################################################################################
+#
+# libmodsecurity
+#
+################################################################################
+
+LIBMODSECURITY_VERSION = 3.0.3
+LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz
+LIBMODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/$(LIBMODSECURITY_VERSION)
+LIBMODSECURITY_INSTALL_STAGING = YES
+LIBMODSECURITY_LICENSE = Apache-2.0
+LIBMODSECURITY_LICENSE_FILES = LICENSE
+LIBMODSECURITY_AUTORECONF = YES
+LIBMODSECURITY_CONF_ENV = \
+	ac_cv_file_others_libinjection_src_libinjection_html5_c=yes # Necessary to work around AC_CHECK_FILE cross-compile limitation
+
+LIBMODSECURITY_DEPENDENCIES = pcre
+LIBMODSECURITY_CONF_OPTS =  --disable-examples
+
+ifeq ($(BR2_PACKAGE_LIBXML2),y)
+LIBMODSECURITY_DEPENDENCIES += libxml2
+LIBMODSECURITY_CONF_OPTS += --with-libxml="$(STAGING_DIR)"
+else
+LIBMODSECURITY_CONF_OPTS += --with-libxml="no"
+endif
+
+ifeq ($(BR2_PACKAGE_LIBCURL),y)
+LIBMODSECURITY_DEPENDENCIES += libcurl
+LIBMODSECURITY_CONF_OPTS += --with-curl="$(STAGING_DIR)"
+else
+LIBMODSECURITY_CONF_OPTS += --with-curl="no"
+endif
+
+ifeq ($(BR2_PACKAGE_YAJL),y)
+LIBMODSECURITY_DEPENDENCIES += yajl
+else
+LIBMODSECURITY_CONF_OPTS += --with-yajl="no"
+endif
+
+ifeq ($(BR2_PACKAGE_GEOIP),y)
+LIBMODSECURITY_DEPENDENCIES += geoip
+else
+LIBMODSECURITY_CONF_OPTS += --with-geoip="no"
+endif
+
+ifeq ($(BR2_PACKAGE_LIBMAXMINDDB),y)
+LIBMODSECURITY_DEPENDENCIES += libmaxminddb
+else
+LIBMODSECURITY_CONF_OPTS += --with-maxmind="no"
+endif
+
+ifeq ($(BR2_PACKAGE_LUA),y)
+LIBMODSECURITY_DEPENDENCIES += lua
+LIBMODSECURITY_CONF_OPTS += --with-lua="$(STAGING_DIR)"
+else
+LIBMODSECURITY_CONF_OPTS += --with-lua="no"
+endif
+
+$(eval $(autotools-package))
-- 
2.20.1

[Buildroot] [PATCH 2/2] nginx-modsecurity: new package

[Frank Vanbever]

This commit adds the modsecurity-nginx nxinx module.
The name of the package diverges slightly from upstream to maintain
consistency with other nginx modules already present.

Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
---
 DEVELOPERS                                       |  1 +
 package/Config.in                                |  1 +
 package/nginx-modsecurity/Config.in              | 10 ++++++++++
 package/nginx-modsecurity/nginx-modsecurity.hash |  4 ++++
 package/nginx-modsecurity/nginx-modsecurity.mk   | 14 ++++++++++++++
 package/nginx/nginx.mk                           |  5 +++++
 6 files changed, 35 insertions(+)
 create mode 100644 package/nginx-modsecurity/Config.in
 create mode 100644 package/nginx-modsecurity/nginx-modsecurity.hash
 create mode 100644 package/nginx-modsecurity/nginx-modsecurity.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index 534f4d746c..998347c77d 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -957,6 +957,7 @@ F:	package/zxing-cpp/
 
 N:	Frank Vanbever <frank.vanbever@essensium.com>
 F:	package/libmodsecurity/
+F:	package/nginx-modsecurity/
 
 N:	Ga?l Portay <gael.portay@collabora.com>
 F:	package/qt5/qt5virtualkeyboard/
diff --git a/package/Config.in b/package/Config.in
index 190cc4217c..03f8cdf891 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2075,6 +2075,7 @@ menu "External nginx modules"
 	source "package/nginx-dav-ext/Config.in"
 	source "package/nginx-naxsi/Config.in"
 	source "package/nginx-upload/Config.in"
+	source "package/nginx-modsecurity/Config.in"
 endmenu
 endif
 	source "package/ngircd/Config.in"
diff --git a/package/nginx-modsecurity/Config.in b/package/nginx-modsecurity/Config.in
new file mode 100644
index 0000000000..cfefefce0c
--- /dev/null
+++ b/package/nginx-modsecurity/Config.in
@@ -0,0 +1,10 @@
+config BR2_PACKAGE_NGINX_MODSECURITY
+	bool "nginx-modsecurity"
+	select BR2_PACKAGE_PCRE
+	select BR2_PACKAGE_LIBMODSECURITY
+	help
+	  The ModSecurity-nginx connector is the connection
+	  point between nginx and libmodsecurity
+	  (ModSecurity v3).
+
+	  https://github.com/SpiderLabs/ModSecurity-nginx
diff --git a/package/nginx-modsecurity/nginx-modsecurity.hash b/package/nginx-modsecurity/nginx-modsecurity.hash
new file mode 100644
index 0000000000..d2dd266ac1
--- /dev/null
+++ b/package/nginx-modsecurity/nginx-modsecurity.hash
@@ -0,0 +1,4 @@
+# From https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v1.0.1/modsecurity-nginx-v1.0.1.tar.gz.sha256
+sha256 def45a8db5bc9da14765eda75363457209a86c89538ccf5bfbd3aa02fa10833c modsecurity-nginx-v1.0.1.tar.gz
+# Localy calculated
+sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE
diff --git a/package/nginx-modsecurity/nginx-modsecurity.mk b/package/nginx-modsecurity/nginx-modsecurity.mk
new file mode 100644
index 0000000000..f1c4106047
--- /dev/null
+++ b/package/nginx-modsecurity/nginx-modsecurity.mk
@@ -0,0 +1,14 @@
+################################################################################
+#
+# nginx-modsecurity
+#
+################################################################################
+
+NGINX_MODSECURITY_VERSION = 1.0.1
+NGINX_MODSECURITY_SOURCE = modsecurity-nginx-v$(NGINX_MODSECURITY_VERSION).tar.gz
+NGINX_MODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/$(NGINX_MODSECURITY_VERSION)
+NGINX_MODSECURITY_LICENSE = Apache-2.0
+NGINX_MODSECURITY_LICENSE_FILES = LICENSE
+NGINX_MODSECURITY_DEPENDENCIES = libmodsecurity
+
+$(eval $(generic-package))
diff --git a/package/nginx/nginx.mk b/package/nginx/nginx.mk
index f895b78779..a9eac57adc 100644
--- a/package/nginx/nginx.mk
+++ b/package/nginx/nginx.mk
@@ -250,6 +250,11 @@ NGINX_DEPENDENCIES += nginx-naxsi
 NGINX_CONF_OPTS += --add-module=$(NGINX_NAXSI_DIR)/naxsi_src
 endif
 
+ifeq ($(BR2_PACKAGE_NGINX_MODSECURITY),y)
+NGINX_DEPENDENCIES += nginx-modsecurity
+NGINX_CONF_OPTS += --add-module=$(NGINX_MODSECURITY_DIR)
+endif
+
 # Debug logging
 NGINX_CONF_OPTS += $(if $(BR2_PACKAGE_NGINX_DEBUG),--with-debug)
 
-- 
2.20.1

[Buildroot] [PATCH 1/2] libmodescurity: new package

[Matthew Weber]

Frank,


On Fri, Jan 10, 2020 at 8:01 AM Frank Vanbever
<frank.vanbever@essensium.com> wrote:
>
> Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
> ---
>  DEVELOPERS                                    |  3 +
>  package/Config.in                             |  1 +
>  ...-CANONICAL_HOST-cannot-be-determined.patch | 31 ++++++++++
>  ...test-for-uClinux-in-configure-script.patch | 28 +++++++++
>  package/libmodsecurity/Config.in              | 14 +++++
>  package/libmodsecurity/libmodsecurity.hash    |  4 ++
>  package/libmodsecurity/libmodsecurity.mk      | 59 +++++++++++++++++++
>  7 files changed, 140 insertions(+)
>  create mode 100644 package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
>  create mode 100644 package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch
>  create mode 100644 package/libmodsecurity/Config.in
>  create mode 100644 package/libmodsecurity/libmodsecurity.hash
>  create mode 100644 package/libmodsecurity/libmodsecurity.mk
>
> diff --git a/DEVELOPERS b/DEVELOPERS
> index 80843dd1a1..534f4d746c 100644
> --- a/DEVELOPERS
> +++ b/DEVELOPERS
> @@ -955,6 +955,9 @@ F:  package/ucl/
>  F:     package/upx/
>  F:     package/zxing-cpp/
>
> +N:     Frank Vanbever <frank.vanbever@essensium.com>
> +F:     package/libmodsecurity/
> +
>  N:     Ga?l Portay <gael.portay@collabora.com>
>  F:     package/qt5/qt5virtualkeyboard/
>  F:     package/qt5/qt5webengine/
> diff --git a/package/Config.in b/package/Config.in
> index 873a592d64..190cc4217c 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -2032,6 +2032,7 @@ menu "Networking applications"
>         source "package/leafnode2/Config.in"
>         source "package/lft/Config.in"
>         source "package/lftp/Config.in"
> +       source "package/libmodsecurity/Config.in"
>         source "package/lighttpd/Config.in"
>         source "package/linknx/Config.in"
>         source "package/links/Config.in"
> diff --git a/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch b/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
> new file mode 100644
> index 0000000000..d725d136ff
> --- /dev/null
> +++ b/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
> @@ -0,0 +1,31 @@
> +From 0832208360aab69fbaec76225db67801840a33fe Mon Sep 17 00:00:00 2001
> +From: Frank Vanbever <frank.vanbever@essensium.com>
> +Date: Fri, 10 Jan 2020 11:14:43 +0100
> +Subject: [PATCH] Fail when CANONICAL_HOST cannot be determined
> +
> +When the CANONICAL_HOST is unknown the configure script exits
> +with exit code 0 even though no makefile was produced.
> +
> +patch was submitted upstream: https://github.com/SpiderLabs/ModSecurity/pull/2235
> +
> +Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
> +---
> + configure.ac | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/configure.ac b/configure.ac
> +index 95e48843..5e6971f4 100644
> +--- a/configure.ac
> ++++ b/configure.ac
> +@@ -193,7 +193,7 @@ case $host in
> +     ;;
> +        *)
> +     echo "Unknown CANONICAL_HOST $host"
> +-    exit
> ++    exit 1
> +     ;;
> + esac
> +
> +--
> +2.20.1
> +
> diff --git a/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch b/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch
> new file mode 100644
> index 0000000000..73022f31f2
> --- /dev/null
> +++ b/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch
> @@ -0,0 +1,28 @@
> +From 13c505e30474c919ed9ae552e459769c456da21e Mon Sep 17 00:00:00 2001
> +From: Frank Vanbever <frank.vanbever@essensium.com>
> +Date: Fri, 10 Jan 2020 11:24:43 +0100
> +Subject: [PATCH] test for uClinux in configure script
> +
> +patch was submitted upstream: https://github.com/SpiderLabs/ModSecurity/pull/2235
> +
> +Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
> +---
> + configure.ac | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/configure.ac b/configure.ac
> +index 5e6971f4..51d38071 100644
> +--- a/configure.ac
> ++++ b/configure.ac
> +@@ -156,7 +156,7 @@ case $host in
> +     AC_DEFINE([MACOSX], [1], [Define if the operating system is Macintosh OSX])
> +     PLATFORM="MacOSX"
> +     ;;
> +-  *-*-linux*)
> ++  *-*-linux* | *-*uclinux*)
> +     echo "Checking platform... Identified as Linux"
> +     AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
> +     PLATFORM="Linux"
> +--
> +2.20.1
> +
> diff --git a/package/libmodsecurity/Config.in b/package/libmodsecurity/Config.in
> new file mode 100644
> index 0000000000..ddd4170945
> --- /dev/null
> +++ b/package/libmodsecurity/Config.in
> @@ -0,0 +1,14 @@
> +config BR2_PACKAGE_LIBMODSECURITY
> +       bool "libmodsecurity"
> +       select BR2_PACKAGE_PCRE
> +       help
> +         Libmodsecurity is one component of the ModSecurity
> +         v3 project. The library codebase serves as an
> +         interface to ModSecurity Connectors taking in web
> +         traffic and applying traditional ModSecurity
> +         processing. In general, it provides the capability
> +         to load/interpret rules written in the ModSecurity
> +         SecRules format and apply them to HTTP content
> +         provided by your application via Connectors.
> +
> +         https://github.com/SpiderLabs/ModSecurity
> diff --git a/package/libmodsecurity/libmodsecurity.hash b/package/libmodsecurity/libmodsecurity.hash
> new file mode 100644
> index 0000000000..29c0a079fe
> --- /dev/null
> +++ b/package/libmodsecurity/libmodsecurity.hash
> @@ -0,0 +1,4 @@
> +# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.3/modsecurity-v3.0.3.tar.gz.sha256
> +sha256 8aa1300105d8cc23315a5e54421192bc617a66246ad004bd89e67c232208d0f4  modsecurity-v3.0.3.tar.gz
> +# Localy calculated
> +sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4  LICENSE
> diff --git a/package/libmodsecurity/libmodsecurity.mk b/package/libmodsecurity/libmodsecurity.mk
> new file mode 100644
> index 0000000000..991402057d
> --- /dev/null
> +++ b/package/libmodsecurity/libmodsecurity.mk
> @@ -0,0 +1,59 @@
> +################################################################################
> +#
> +# libmodsecurity
> +#
> +################################################################################
> +
> +LIBMODSECURITY_VERSION = 3.0.3
> +LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz
> +LIBMODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/$(LIBMODSECURITY_VERSION)

This site path doesn't seem to work and needs a v before the $.
Current URL looks like
(https://github.com/SpiderLabs/ModSecurity/releases/download/3.0.3/modsecurity-v3.0.3.tar.gz)

LIBMODSECURITY_SITE =
https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION)

> +LIBMODSECURITY_INSTALL_STAGING = YES
> +LIBMODSECURITY_LICENSE = Apache-2.0
> +LIBMODSECURITY_LICENSE_FILES = LICENSE
> +LIBMODSECURITY_AUTORECONF = YES
> +LIBMODSECURITY_CONF_ENV = \
> +       ac_cv_file_others_libinjection_src_libinjection_html5_c=yes # Necessary to work around AC_CHECK_FILE cross-compile limitation
> +
> +LIBMODSECURITY_DEPENDENCIES = pcre

It can't seem to currently find the pcre library.  Here's the error
and my reduced build config (Ubuntu 18.04 machine)

configure: SSDEEP library was not found
configure: Support for LUA was disabled by the utilization of
--without-lua or --with-lua=no
checking for libcurl config script... no
configure: *** curl library not found.
checking for libxml2 config script... no
configure: *** libxml2 library not found.
checking for libpcre config script... no
configure: *** pcre library not found.
configure: error: pcre library is required


BR2_aarch64=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/aarch64-virt/linux.config"
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
BR2_PACKAGE_NGINX=y
BR2_PACKAGE_NGINX_MODSECURITY=y
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set


> +LIBMODSECURITY_CONF_OPTS =  --disable-examples
> +
> +ifeq ($(BR2_PACKAGE_LIBXML2),y)
> +LIBMODSECURITY_DEPENDENCIES += libxml2
> +LIBMODSECURITY_CONF_OPTS += --with-libxml="$(STAGING_DIR)"
> +else
> +LIBMODSECURITY_CONF_OPTS += --with-libxml="no"
> +endif
> +
> +ifeq ($(BR2_PACKAGE_LIBCURL),y)
> +LIBMODSECURITY_DEPENDENCIES += libcurl
> +LIBMODSECURITY_CONF_OPTS += --with-curl="$(STAGING_DIR)"
> +else
> +LIBMODSECURITY_CONF_OPTS += --with-curl="no"
> +endif
> +
> +ifeq ($(BR2_PACKAGE_YAJL),y)
> +LIBMODSECURITY_DEPENDENCIES += yajl
> +else
> +LIBMODSECURITY_CONF_OPTS += --with-yajl="no"
> +endif
> +
> +ifeq ($(BR2_PACKAGE_GEOIP),y)
> +LIBMODSECURITY_DEPENDENCIES += geoip
> +else
> +LIBMODSECURITY_CONF_OPTS += --with-geoip="no"
> +endif
> +
> +ifeq ($(BR2_PACKAGE_LIBMAXMINDDB),y)
> +LIBMODSECURITY_DEPENDENCIES += libmaxminddb
> +else
> +LIBMODSECURITY_CONF_OPTS += --with-maxmind="no"
> +endif
> +
> +ifeq ($(BR2_PACKAGE_LUA),y)
> +LIBMODSECURITY_DEPENDENCIES += lua
> +LIBMODSECURITY_CONF_OPTS += --with-lua="$(STAGING_DIR)"
> +else
> +LIBMODSECURITY_CONF_OPTS += --with-lua="no"
> +endif
> +
> +$(eval $(autotools-package))
> --
> 2.20.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot



-- 

Matthew Weber | Associate Director Software Engineer | Commercial Avionics

COLLINS AEROSPACE

400 Collins Road NE, Cedar Rapids, Iowa 52498, USA

Tel: +1 319 295 7349 | FAX: +1 319 263 6099

matthew.weber at collins.com | collinsaerospace.com



CONFIDENTIALITY WARNING: This message may contain proprietary and/or
privileged information of Collins Aerospace and its affiliated
companies. If you are not the intended recipient, please 1) Do not
disclose, copy, distribute or use this message or its contents. 2)
Advise the sender by return email. 3) Delete all copies (including all
attachments) from your computer. Your cooperation is greatly
appreciated.


Any export restricted material should be shared using my
matthew.weber at corp.rockwellcollins.com address.

[Buildroot] [PATCH 1/2] libmodescurity: new package

[Peter Korsgaard]

>>>>> "Frank" == Frank Vanbever <frank.vanbever@essensium.com> writes:

Thanks for the patch! A few comments:

s|libmodescurity|package/libmodsecurity| in the subject.


 > Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
 > ---
 >  DEVELOPERS                                    |  3 +
 >  package/Config.in                             |  1 +
 >  ...-CANONICAL_HOST-cannot-be-determined.patch | 31 ++++++++++
 >  ...test-for-uClinux-in-configure-script.patch | 28 +++++++++
 >  package/libmodsecurity/Config.in              | 14 +++++
 >  package/libmodsecurity/libmodsecurity.hash    |  4 ++
 >  package/libmodsecurity/libmodsecurity.mk      | 59 +++++++++++++++++++
 >  7 files changed, 140 insertions(+)
 >  create mode 100644 package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
 >  create mode 100644 package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch
 >  create mode 100644 package/libmodsecurity/Config.in
 >  create mode 100644 package/libmodsecurity/libmodsecurity.hash
 >  create mode 100644 package/libmodsecurity/libmodsecurity.mk

 > diff --git a/DEVELOPERS b/DEVELOPERS
 > index 80843dd1a1..534f4d746c 100644
 > --- a/DEVELOPERS
 > +++ b/DEVELOPERS
 > @@ -955,6 +955,9 @@ F:	package/ucl/
 >  F:	package/upx/
 >  F:	package/zxing-cpp/
 
 > +N:	Frank Vanbever <frank.vanbever@essensium.com>
 > +F:	package/libmodsecurity/
 > +
 >  N:	Ga?l Portay <gael.portay@collabora.com>
 >  F:	package/qt5/qt5virtualkeyboard/
 >  F:	package/qt5/qt5webengine/
 > diff --git a/package/Config.in b/package/Config.in
 > index 873a592d64..190cc4217c 100644
 > --- a/package/Config.in
 > +++ b/package/Config.in
 > @@ -2032,6 +2032,7 @@ menu "Networking applications"
 >  	source "package/leafnode2/Config.in"
 >  	source "package/lft/Config.in"
 >  	source "package/lftp/Config.in"
 > +	source "package/libmodsecurity/Config.in"

Isn't libmodsecurity a library? If so, then a better location would be
Libraries -> Networking or Libraries -> Security


 >  	source "package/lighttpd/Config.in"
 >  	source "package/linknx/Config.in"
 >  	source "package/links/Config.in"
 > diff --git a/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch b/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
 > new file mode 100644
 > index 0000000000..d725d136ff
 > --- /dev/null
 > +++ b/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
 > @@ -0,0 +1,31 @@
 > +From 0832208360aab69fbaec76225db67801840a33fe Mon Sep 17 00:00:00 2001
 > +From: Frank Vanbever <frank.vanbever@essensium.com>
 > +Date: Fri, 10 Jan 2020 11:14:43 +0100
 > +Subject: [PATCH] Fail when CANONICAL_HOST cannot be determined
 > +
 > +When the CANONICAL_HOST is unknown the configure script exits
 > +with exit code 0 even though no makefile was produced.
 > +
 > +patch was submitted upstream: https://github.com/SpiderLabs/ModSecurity/pull/2235
 > +
 > +Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
 > +---
 > + configure.ac | 2 +-
 > + 1 file changed, 1 insertion(+), 1 deletion(-)
 > +
 > +diff --git a/configure.ac b/configure.ac
 > +index 95e48843..5e6971f4 100644
 > +--- a/configure.ac
 > ++++ b/configure.ac
 > +@@ -193,7 +193,7 @@ case $host in
 > +     ;;
 > +        *)
 > +     echo "Unknown CANONICAL_HOST $host"
 > +-    exit
 > ++    exit 1

What is the use of this patch in Buildroot? I mean, it looks correct but
we should ensure the configure script can correctly detect
CANONICAL_HOST (whatever that is), so this should never trigger?


 > +++ b/package/libmodsecurity/libmodsecurity.mk
 > @@ -0,0 +1,59 @@
 > +################################################################################
 > +#
 > +# libmodsecurity
 > +#
 > +################################################################################
 > +
 > +LIBMODSECURITY_VERSION = 3.0.3
 > +LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz
 > +LIBMODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/$(LIBMODSECURITY_VERSION)
 > +LIBMODSECURITY_INSTALL_STAGING = YES
 > +LIBMODSECURITY_LICENSE = Apache-2.0
 > +LIBMODSECURITY_LICENSE_FILES = LICENSE
 > +LIBMODSECURITY_AUTORECONF = YES

Please add a comment about why this is done, E.G.

0002-test-for-uClinux-in-configure-script.patch

 > +LIBMODSECURITY_CONF_ENV = \
 > +	ac_cv_file_others_libinjection_src_libinjection_html5_c=yes # Necessary to work around AC_CHECK_FILE cross-compile limitation
 > +
 > +LIBMODSECURITY_DEPENDENCIES = pcre
 > +LIBMODSECURITY_CONF_OPTS =  --disable-examples

One space too many after =

> +
 > +ifeq ($(BR2_PACKAGE_LIBXML2),y)
 > +LIBMODSECURITY_DEPENDENCIES += libxml2
 > +LIBMODSECURITY_CONF_OPTS += --with-libxml="$(STAGING_DIR)"
 > +else
 > +LIBMODSECURITY_CONF_OPTS += --with-libxml="no"

Is the more standard --without-libxml not supported?

 > +ifeq ($(BR2_PACKAGE_LUA),y)
 > +LIBMODSECURITY_DEPENDENCIES += lua

Does this work both with lua 5.1 and 5.3?

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 1/2] libmodescurity: new package

[Arnout Vandecappelle]

On 10/01/2020 16:19, Peter Korsgaard wrote:
>  > diff --git a/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch b/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
>  > new file mode 100644
>  > index 0000000000..d725d136ff
>  > --- /dev/null
>  > +++ b/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
>  > @@ -0,0 +1,31 @@
>  > +From 0832208360aab69fbaec76225db67801840a33fe Mon Sep 17 00:00:00 2001
>  > +From: Frank Vanbever <frank.vanbever@essensium.com>
>  > +Date: Fri, 10 Jan 2020 11:14:43 +0100
>  > +Subject: [PATCH] Fail when CANONICAL_HOST cannot be determined
>  > +
>  > +When the CANONICAL_HOST is unknown the configure script exits
>  > +with exit code 0 even though no makefile was produced.
>  > +
>  > +patch was submitted upstream: https://github.com/SpiderLabs/ModSecurity/pull/2235
>  > +
>  > +Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
>  > +---
>  > + configure.ac | 2 +-
>  > + 1 file changed, 1 insertion(+), 1 deletion(-)
>  > +
>  > +diff --git a/configure.ac b/configure.ac
>  > +index 95e48843..5e6971f4 100644
>  > +--- a/configure.ac
>  > ++++ b/configure.ac
>  > +@@ -193,7 +193,7 @@ case $host in
>  > +     ;;
>  > +        *)
>  > +     echo "Unknown CANONICAL_HOST $host"
>  > +-    exit
>  > ++    exit 1
> 
> What is the use of this patch in Buildroot? I mean, it looks correct but
> we should ensure the configure script can correctly detect
> CANONICAL_HOST (whatever that is), so this should never trigger?

 Without this patch, if there is some platform for which CANONICAL_HOST does not
get set correctly, you get a very cryptic error instead of a failure of the
configure step. So hopefully this patch isn't needed, but if it is actually
needed because CANONICAL_HOST is still not correct, it helps us a lot.

 In other words, I would keep it in Buildroot.

 Regards,
 Arnout

[Buildroot] [PATCH 1/2] libmodescurity: new package

[Peter Korsgaard]

>>>>> "Arnout" == Arnout Vandecappelle <arnout@mind.be> writes:

Hi,

 >> > +-    exit
 >> > ++    exit 1
 >> 
 >> What is the use of this patch in Buildroot? I mean, it looks correct but
 >> we should ensure the configure script can correctly detect
 >> CANONICAL_HOST (whatever that is), so this should never trigger?

 >  Without this patch, if there is some platform for which CANONICAL_HOST does not
 > get set correctly, you get a very cryptic error instead of a failure of the
 > configure step. So hopefully this patch isn't needed, but if it is actually
 > needed because CANONICAL_HOST is still not correct, it helps us a lot.

 >  In other words, I would keep it in Buildroot.

Fine by me, and it hopefully will soon be applied upstream.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH v2 1/2] package/libmodsecurity: new package

[Frank Vanbever]

The dependency on !BR2_STATIC_LIBS is due to missing Libs.private in the
libmodconfig pkg-config file making builds that statically link against
libmodsecurity fail.

Lua is disabled due to using the host libraries.
Yajl is disabled as enabling it forces the tests to be built. These tests have a
hard dependency on libmodsecurity.a which is not built when --disable-static is
used in the configuration. There is no flag to disable these tests.

Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
---
Changes v1 -> v2:
- bump version to 3.0.4
- fix URL
- Move menu entry to Libraries/Networking
- Add reconf comment
- Coding style fixes
- cleaned up CONF_OPTS
- Add explicit C++ & static dependency
- Explicitly disabled unavailable dependencies
- Explicitly disabled Yajl and Lua
- Cleaned up dependencies

Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
---
 DEVELOPERS                                    |  3 +
 package/Config.in                             |  1 +
 ...-CANONICAL_HOST-cannot-be-determined.patch | 31 +++++++++++
 ...test-for-uClinux-in-configure-script.patch | 28 ++++++++++
 package/libmodsecurity/Config.in              | 19 +++++++
 package/libmodsecurity/libmodsecurity.hash    |  4 ++
 package/libmodsecurity/libmodsecurity.mk      | 55 +++++++++++++++++++
 7 files changed, 141 insertions(+)
 create mode 100644 package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
 create mode 100644 package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch
 create mode 100644 package/libmodsecurity/Config.in
 create mode 100644 package/libmodsecurity/libmodsecurity.hash
 create mode 100644 package/libmodsecurity/libmodsecurity.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index a1eb052652..e1546cf072 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -955,6 +955,9 @@ F:	package/ucl/
 F:	package/upx/
 F:	package/zxing-cpp/
 
+N:	Frank Vanbever <frank.vanbever@essensium.com>
+F:	package/libmodsecurity/
+
 N:	Ga?l Portay <gael.portay@collabora.com>
 F:	package/qt5/qt5virtualkeyboard/
 F:	package/qt5/qt5webengine/
diff --git a/package/Config.in b/package/Config.in
index 4c94914680..1540871dcc 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1656,6 +1656,7 @@ menu "Networking"
 	source "package/libminiupnpc/Config.in"
 	source "package/libmnl/Config.in"
 	source "package/libmodbus/Config.in"
+	source "package/libmodsecurity/Config.in"
 	source "package/libnatpmp/Config.in"
 	source "package/libndp/Config.in"
 	source "package/libnet/Config.in"
diff --git a/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch b/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
new file mode 100644
index 0000000000..ab00a14e2a
--- /dev/null
+++ b/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
@@ -0,0 +1,31 @@
+From 0832208360aab69fbaec76225db67801840a33fe Mon Sep 17 00:00:00 2001
+From: Frank Vanbever <frank.vanbever@essensium.com>
+Date: Fri, 10 Jan 2020 11:14:43 +0100
+Subject: [PATCH] Fail when CANONICAL_HOST cannot be determined
+
+When the CANONICAL_HOST is unknown the configure script exits
+with exit code 0 even though no makefile was produced.
+
+Upstream: https://github.com/SpiderLabs/ModSecurity/pull/2235
+
+Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 95e48843..5e6971f4 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -193,7 +193,7 @@ case $host in
+     ;;
+        *)
+     echo "Unknown CANONICAL_HOST $host"
+-    exit
++    exit 1
+     ;;
+ esac
+ 
+-- 
+2.20.1
+
diff --git a/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch b/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch
new file mode 100644
index 0000000000..ccd96fea95
--- /dev/null
+++ b/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch
@@ -0,0 +1,28 @@
+From 13c505e30474c919ed9ae552e459769c456da21e Mon Sep 17 00:00:00 2001
+From: Frank Vanbever <frank.vanbever@essensium.com>
+Date: Fri, 10 Jan 2020 11:24:43 +0100
+Subject: [PATCH] test for uClinux in configure script
+
+Upstream: https://github.com/SpiderLabs/ModSecurity/pull/2235
+
+Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5e6971f4..51d38071 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -156,7 +156,7 @@ case $host in
+     AC_DEFINE([MACOSX], [1], [Define if the operating system is Macintosh OSX])
+     PLATFORM="MacOSX"
+     ;;
+-  *-*-linux*)
++  *-*-linux* | *-*uclinux*)
+     echo "Checking platform... Identified as Linux"
+     AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
+     PLATFORM="Linux"
+-- 
+2.20.1
+
diff --git a/package/libmodsecurity/Config.in b/package/libmodsecurity/Config.in
new file mode 100644
index 0000000000..129881b0de
--- /dev/null
+++ b/package/libmodsecurity/Config.in
@@ -0,0 +1,19 @@
+config BR2_PACKAGE_LIBMODSECURITY
+	bool "libmodsecurity"
+	depends on BR2_INSTALL_LIBSTDCPP
+	depends on !BR2_STATIC_LIBS
+	select BR2_PACKAGE_PCRE
+	help
+	  Libmodsecurity is one component of the ModSecurity
+	  v3 project. The library codebase serves as an
+	  interface to ModSecurity Connectors taking in web
+	  traffic and applying traditional ModSecurity
+	  processing. In general, it provides the capability
+	  to load/interpret rules written in the ModSecurity
+	  SecRules format and apply them to HTTP content
+	  provided by your application via Connectors.
+
+	  https://github.com/SpiderLabs/ModSecurity
+
+comment "libmodsecurity needs a toolchain w/ C++, dynamic library"
+	depends on !BR2_INSTALL_LIBSTDCPP || BR2_STATIC_LIBS
diff --git a/package/libmodsecurity/libmodsecurity.hash b/package/libmodsecurity/libmodsecurity.hash
new file mode 100644
index 0000000000..ddce3ef9c6
--- /dev/null
+++ b/package/libmodsecurity/libmodsecurity.hash
@@ -0,0 +1,4 @@
+# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.4/modsecurity-v3.0.4.tar.gz.sha256
+sha256  b4231177dd80b4e076b228e57d498670113b69d445bab86db25f65346c24db22  modsecurity-v3.0.4.tar.gz
+# Localy calculated
+sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4  LICENSE
diff --git a/package/libmodsecurity/libmodsecurity.mk b/package/libmodsecurity/libmodsecurity.mk
new file mode 100644
index 0000000000..c32bfb4b3c
--- /dev/null
+++ b/package/libmodsecurity/libmodsecurity.mk
@@ -0,0 +1,55 @@
+################################################################################
+#
+# libmodsecurity
+#
+################################################################################
+
+LIBMODSECURITY_VERSION = 3.0.4
+LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz
+LIBMODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION)
+LIBMODSECURITY_INSTALL_STAGING = YES
+LIBMODSECURITY_LICENSE = Apache-2.0
+LIBMODSECURITY_LICENSE_FILES = LICENSE
+# 0002-test-for-uClinux-in-configure-script.patch
+LIBMODSECURITY_AUTORECONF = YES
+# libinjection uses AC_CHECK_FILE, not available in cross-compile
+LIBMODSECURITY_CONF_ENV = \
+	ac_cv_file_others_libinjection_src_libinjection_html5_c=yes
+
+LIBMODSECURITY_DEPENDENCIES = pcre
+LIBMODSECURITY_CONF_OPTS = \
+	--disable-examples \
+	--without-lmdb \
+	--without-ssdeep \
+	--without-lua \
+	--without-yajl
+
+ifeq ($(BR2_PACKAGE_LIBXML2),y)
+LIBMODSECURITY_DEPENDENCIES += libxml2
+LIBMODSECURITY_CONF_OPTS += --with-libxml="$(STAGING_DIR)/usr/bin/xml2-config"
+else
+LIBMODSECURITY_CONF_OPTS += --without-libxml
+endif
+
+ifeq ($(BR2_PACKAGE_LIBCURL),y)
+LIBMODSECURITY_DEPENDENCIES += libcurl
+LIBMODSECURITY_CONF_OPTS += --with-curl="$(STAGING_DIR)/usr/bin/curl-config"
+else
+LIBMODSECURITY_CONF_OPTS += --without-curl
+endif
+
+ifeq ($(BR2_PACKAGE_GEOIP),y)
+LIBMODSECURITY_DEPENDENCIES += geoip
+LIBMODSECURITY_CONF_OPTS += --with-geoip
+else
+LIBMODSECURITY_CONF_OPTS += --without-geoip
+endif
+
+ifeq ($(BR2_PACKAGE_LIBMAXMINDDB),y)
+LIBMODSECURITY_DEPENDENCIES += libmaxminddb
+LIBMODSECURITY_CONF_OPTS += --with-maxmind
+else
+LIBMODSECURITY_CONF_OPTS += --without-maxmind
+endif
+
+$(eval $(autotools-package))
-- 
2.20.1

[Buildroot] [PATCH v2 2/2] nginx-modsecurity: new package

[Frank Vanbever]

This commit adds the modsecurity-nginx nginx module.
The name of the package diverges slightly from upstream to maintain
consistency with other nginx modules already present.
---
Changes v1 -> v2:
- Put menu entry in correct alphabetic position
- Add dependencies inherited from libmodsecurity

Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
---
 DEVELOPERS                                       |  1 +
 package/Config.in                                |  1 +
 package/nginx-modsecurity/Config.in              | 15 +++++++++++++++
 package/nginx-modsecurity/nginx-modsecurity.hash |  4 ++++
 package/nginx-modsecurity/nginx-modsecurity.mk   | 14 ++++++++++++++
 package/nginx/nginx.mk                           |  5 +++++
 6 files changed, 40 insertions(+)
 create mode 100644 package/nginx-modsecurity/Config.in
 create mode 100644 package/nginx-modsecurity/nginx-modsecurity.hash
 create mode 100644 package/nginx-modsecurity/nginx-modsecurity.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index e1546cf072..4af485f199 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -957,6 +957,7 @@ F:	package/zxing-cpp/
 
 N:	Frank Vanbever <frank.vanbever@essensium.com>
 F:	package/libmodsecurity/
+F:	package/nginx-modsecurity/
 
 N:	Ga?l Portay <gael.portay@collabora.com>
 F:	package/qt5/qt5virtualkeyboard/
diff --git a/package/Config.in b/package/Config.in
index 1540871dcc..714402fd5f 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2076,6 +2076,7 @@ menu "Networking applications"
 if BR2_PACKAGE_NGINX
 menu "External nginx modules"
 	source "package/nginx-dav-ext/Config.in"
+	source "package/nginx-modsecurity/Config.in"
 	source "package/nginx-naxsi/Config.in"
 	source "package/nginx-upload/Config.in"
 endmenu
diff --git a/package/nginx-modsecurity/Config.in b/package/nginx-modsecurity/Config.in
new file mode 100644
index 0000000000..68f6a81045
--- /dev/null
+++ b/package/nginx-modsecurity/Config.in
@@ -0,0 +1,15 @@
+config BR2_PACKAGE_NGINX_MODSECURITY
+	bool "nginx-modsecurity"
+	depends on BR2_INSTALL_LIBSTDCPP # libmodsecurity
+	depends on !BR2_STATIC_LIBS # libmodsecurity
+	select BR2_PACKAGE_PCRE # libmodsecurity
+	select BR2_PACKAGE_LIBMODSECURITY
+	help
+	  The ModSecurity-nginx connector is the connection
+	  point between nginx and libmodsecurity
+	  (ModSecurity v3).
+
+	  https://github.com/SpiderLabs/ModSecurity-nginx
+
+comment "nginx-modsecurity needs a toolchain w/ C++, dynamic library"
+	depends on !BR2_INSTALL_LIBSTDCPP || BR2_STATIC_LIBS
diff --git a/package/nginx-modsecurity/nginx-modsecurity.hash b/package/nginx-modsecurity/nginx-modsecurity.hash
new file mode 100644
index 0000000000..d2dd266ac1
--- /dev/null
+++ b/package/nginx-modsecurity/nginx-modsecurity.hash
@@ -0,0 +1,4 @@
+# From https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v1.0.1/modsecurity-nginx-v1.0.1.tar.gz.sha256
+sha256 def45a8db5bc9da14765eda75363457209a86c89538ccf5bfbd3aa02fa10833c modsecurity-nginx-v1.0.1.tar.gz
+# Localy calculated
+sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE
diff --git a/package/nginx-modsecurity/nginx-modsecurity.mk b/package/nginx-modsecurity/nginx-modsecurity.mk
new file mode 100644
index 0000000000..6d33403d66
--- /dev/null
+++ b/package/nginx-modsecurity/nginx-modsecurity.mk
@@ -0,0 +1,14 @@
+################################################################################
+#
+# nginx-modsecurity
+#
+################################################################################
+
+NGINX_MODSECURITY_VERSION = 1.0.1
+NGINX_MODSECURITY_SOURCE = modsecurity-nginx-v$(NGINX_MODSECURITY_VERSION).tar.gz
+NGINX_MODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v$(NGINX_MODSECURITY_VERSION)
+NGINX_MODSECURITY_LICENSE = Apache-2.0
+NGINX_MODSECURITY_LICENSE_FILES = LICENSE
+NGINX_MODSECURITY_DEPENDENCIES = libmodsecurity
+
+$(eval $(generic-package))
diff --git a/package/nginx/nginx.mk b/package/nginx/nginx.mk
index f895b78779..a9eac57adc 100644
--- a/package/nginx/nginx.mk
+++ b/package/nginx/nginx.mk
@@ -250,6 +250,11 @@ NGINX_DEPENDENCIES += nginx-naxsi
 NGINX_CONF_OPTS += --add-module=$(NGINX_NAXSI_DIR)/naxsi_src
 endif
 
+ifeq ($(BR2_PACKAGE_NGINX_MODSECURITY),y)
+NGINX_DEPENDENCIES += nginx-modsecurity
+NGINX_CONF_OPTS += --add-module=$(NGINX_MODSECURITY_DIR)
+endif
+
 # Debug logging
 NGINX_CONF_OPTS += $(if $(BR2_PACKAGE_NGINX_DEBUG),--with-debug)
 
-- 
2.20.1

[Buildroot] [PATCH v3 1/2] package/libmodsecurity: new package

[Frank Vanbever]

The dependency on !BR2_STATIC_LIBS is due to missing Libs.private in the
libmodconfig pkg-config file making builds that statically link against
libmodsecurity fail.

Lua is disabled due to using the host libraries.
Yajl is disabled as enabling it forces the tests to be built. These tests have a
hard dependency on libmodsecurity.a which is not built when --disable-static is
used in the configuration. There is no flag to disable these tests.

Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
---
Changes v2 -> v3: nothing
Changes v1 -> v2:
- bump version to 3.0.4
- fix URL
- Move menu entry to Libraries/Networking
- Add reconf comment
- Coding style fixes
- cleaned up CONF_OPTS
- Add explicit C++ & static dependency
- Explicitly disabled unavailable dependencies
- Explicitly disabled Yajl and Lua
- Cleaned up dependencies

Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
---
 DEVELOPERS                                    |  3 +
 package/Config.in                             |  1 +
 ...-CANONICAL_HOST-cannot-be-determined.patch | 31 +++++++++++
 ...test-for-uClinux-in-configure-script.patch | 28 ++++++++++
 package/libmodsecurity/Config.in              | 19 +++++++
 package/libmodsecurity/libmodsecurity.hash    |  4 ++
 package/libmodsecurity/libmodsecurity.mk      | 55 +++++++++++++++++++
 7 files changed, 141 insertions(+)
 create mode 100644 package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
 create mode 100644 package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch
 create mode 100644 package/libmodsecurity/Config.in
 create mode 100644 package/libmodsecurity/libmodsecurity.hash
 create mode 100644 package/libmodsecurity/libmodsecurity.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index d5f7bdb8f7..513afd32e5 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -955,6 +955,9 @@ F:	package/ucl/
 F:	package/upx/
 F:	package/zxing-cpp/
 
+N:	Frank Vanbever <frank.vanbever@essensium.com>
+F:	package/libmodsecurity/
+
 N:	Ga?l Portay <gael.portay@collabora.com>
 F:	package/qt5/qt5virtualkeyboard/
 F:	package/qt5/qt5webengine/
diff --git a/package/Config.in b/package/Config.in
index db35848fed..c4e89d3ff3 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1657,6 +1657,7 @@ menu "Networking"
 	source "package/libminiupnpc/Config.in"
 	source "package/libmnl/Config.in"
 	source "package/libmodbus/Config.in"
+	source "package/libmodsecurity/Config.in"
 	source "package/libnatpmp/Config.in"
 	source "package/libndp/Config.in"
 	source "package/libnet/Config.in"
diff --git a/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch b/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
new file mode 100644
index 0000000000..ab00a14e2a
--- /dev/null
+++ b/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
@@ -0,0 +1,31 @@
+From 0832208360aab69fbaec76225db67801840a33fe Mon Sep 17 00:00:00 2001
+From: Frank Vanbever <frank.vanbever@essensium.com>
+Date: Fri, 10 Jan 2020 11:14:43 +0100
+Subject: [PATCH] Fail when CANONICAL_HOST cannot be determined
+
+When the CANONICAL_HOST is unknown the configure script exits
+with exit code 0 even though no makefile was produced.
+
+Upstream: https://github.com/SpiderLabs/ModSecurity/pull/2235
+
+Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 95e48843..5e6971f4 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -193,7 +193,7 @@ case $host in
+     ;;
+        *)
+     echo "Unknown CANONICAL_HOST $host"
+-    exit
++    exit 1
+     ;;
+ esac
+ 
+-- 
+2.20.1
+
diff --git a/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch b/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch
new file mode 100644
index 0000000000..ccd96fea95
--- /dev/null
+++ b/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch
@@ -0,0 +1,28 @@
+From 13c505e30474c919ed9ae552e459769c456da21e Mon Sep 17 00:00:00 2001
+From: Frank Vanbever <frank.vanbever@essensium.com>
+Date: Fri, 10 Jan 2020 11:24:43 +0100
+Subject: [PATCH] test for uClinux in configure script
+
+Upstream: https://github.com/SpiderLabs/ModSecurity/pull/2235
+
+Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5e6971f4..51d38071 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -156,7 +156,7 @@ case $host in
+     AC_DEFINE([MACOSX], [1], [Define if the operating system is Macintosh OSX])
+     PLATFORM="MacOSX"
+     ;;
+-  *-*-linux*)
++  *-*-linux* | *-*uclinux*)
+     echo "Checking platform... Identified as Linux"
+     AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
+     PLATFORM="Linux"
+-- 
+2.20.1
+
diff --git a/package/libmodsecurity/Config.in b/package/libmodsecurity/Config.in
new file mode 100644
index 0000000000..129881b0de
--- /dev/null
+++ b/package/libmodsecurity/Config.in
@@ -0,0 +1,19 @@
+config BR2_PACKAGE_LIBMODSECURITY
+	bool "libmodsecurity"
+	depends on BR2_INSTALL_LIBSTDCPP
+	depends on !BR2_STATIC_LIBS
+	select BR2_PACKAGE_PCRE
+	help
+	  Libmodsecurity is one component of the ModSecurity
+	  v3 project. The library codebase serves as an
+	  interface to ModSecurity Connectors taking in web
+	  traffic and applying traditional ModSecurity
+	  processing. In general, it provides the capability
+	  to load/interpret rules written in the ModSecurity
+	  SecRules format and apply them to HTTP content
+	  provided by your application via Connectors.
+
+	  https://github.com/SpiderLabs/ModSecurity
+
+comment "libmodsecurity needs a toolchain w/ C++, dynamic library"
+	depends on !BR2_INSTALL_LIBSTDCPP || BR2_STATIC_LIBS
diff --git a/package/libmodsecurity/libmodsecurity.hash b/package/libmodsecurity/libmodsecurity.hash
new file mode 100644
index 0000000000..ddce3ef9c6
--- /dev/null
+++ b/package/libmodsecurity/libmodsecurity.hash
@@ -0,0 +1,4 @@
+# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.4/modsecurity-v3.0.4.tar.gz.sha256
+sha256  b4231177dd80b4e076b228e57d498670113b69d445bab86db25f65346c24db22  modsecurity-v3.0.4.tar.gz
+# Localy calculated
+sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4  LICENSE
diff --git a/package/libmodsecurity/libmodsecurity.mk b/package/libmodsecurity/libmodsecurity.mk
new file mode 100644
index 0000000000..c32bfb4b3c
--- /dev/null
+++ b/package/libmodsecurity/libmodsecurity.mk
@@ -0,0 +1,55 @@
+################################################################################
+#
+# libmodsecurity
+#
+################################################################################
+
+LIBMODSECURITY_VERSION = 3.0.4
+LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz
+LIBMODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION)
+LIBMODSECURITY_INSTALL_STAGING = YES
+LIBMODSECURITY_LICENSE = Apache-2.0
+LIBMODSECURITY_LICENSE_FILES = LICENSE
+# 0002-test-for-uClinux-in-configure-script.patch
+LIBMODSECURITY_AUTORECONF = YES
+# libinjection uses AC_CHECK_FILE, not available in cross-compile
+LIBMODSECURITY_CONF_ENV = \
+	ac_cv_file_others_libinjection_src_libinjection_html5_c=yes
+
+LIBMODSECURITY_DEPENDENCIES = pcre
+LIBMODSECURITY_CONF_OPTS = \
+	--disable-examples \
+	--without-lmdb \
+	--without-ssdeep \
+	--without-lua \
+	--without-yajl
+
+ifeq ($(BR2_PACKAGE_LIBXML2),y)
+LIBMODSECURITY_DEPENDENCIES += libxml2
+LIBMODSECURITY_CONF_OPTS += --with-libxml="$(STAGING_DIR)/usr/bin/xml2-config"
+else
+LIBMODSECURITY_CONF_OPTS += --without-libxml
+endif
+
+ifeq ($(BR2_PACKAGE_LIBCURL),y)
+LIBMODSECURITY_DEPENDENCIES += libcurl
+LIBMODSECURITY_CONF_OPTS += --with-curl="$(STAGING_DIR)/usr/bin/curl-config"
+else
+LIBMODSECURITY_CONF_OPTS += --without-curl
+endif
+
+ifeq ($(BR2_PACKAGE_GEOIP),y)
+LIBMODSECURITY_DEPENDENCIES += geoip
+LIBMODSECURITY_CONF_OPTS += --with-geoip
+else
+LIBMODSECURITY_CONF_OPTS += --without-geoip
+endif
+
+ifeq ($(BR2_PACKAGE_LIBMAXMINDDB),y)
+LIBMODSECURITY_DEPENDENCIES += libmaxminddb
+LIBMODSECURITY_CONF_OPTS += --with-maxmind
+else
+LIBMODSECURITY_CONF_OPTS += --without-maxmind
+endif
+
+$(eval $(autotools-package))
-- 
2.20.1

[Buildroot] [PATCH v3 2/2] package/nginx-modsecurity: new package

[Frank Vanbever]

The name of the package diverges slightly from upstream to maintain
consistency with other nginx modules already present.
---
Changes v2 -> v3:
- fixed commit message format

Changes v1 -> v2:
- Put menu entry in correct alphabetic position
- Add dependencies inherited from libmodsecurity

Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
---
 DEVELOPERS                                       |  1 +
 package/Config.in                                |  1 +
 package/nginx-modsecurity/Config.in              | 15 +++++++++++++++
 package/nginx-modsecurity/nginx-modsecurity.hash |  4 ++++
 package/nginx-modsecurity/nginx-modsecurity.mk   | 14 ++++++++++++++
 package/nginx/nginx.mk                           |  5 +++++
 6 files changed, 40 insertions(+)
 create mode 100644 package/nginx-modsecurity/Config.in
 create mode 100644 package/nginx-modsecurity/nginx-modsecurity.hash
 create mode 100644 package/nginx-modsecurity/nginx-modsecurity.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index 513afd32e5..e0a85579ef 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -957,6 +957,7 @@ F:	package/zxing-cpp/
 
 N:	Frank Vanbever <frank.vanbever@essensium.com>
 F:	package/libmodsecurity/
+F:	package/nginx-modsecurity/
 
 N:	Ga?l Portay <gael.portay@collabora.com>
 F:	package/qt5/qt5virtualkeyboard/
diff --git a/package/Config.in b/package/Config.in
index c4e89d3ff3..7c1a2aa7bb 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2077,6 +2077,7 @@ menu "Networking applications"
 if BR2_PACKAGE_NGINX
 menu "External nginx modules"
 	source "package/nginx-dav-ext/Config.in"
+	source "package/nginx-modsecurity/Config.in"
 	source "package/nginx-naxsi/Config.in"
 	source "package/nginx-upload/Config.in"
 endmenu
diff --git a/package/nginx-modsecurity/Config.in b/package/nginx-modsecurity/Config.in
new file mode 100644
index 0000000000..68f6a81045
--- /dev/null
+++ b/package/nginx-modsecurity/Config.in
@@ -0,0 +1,15 @@
+config BR2_PACKAGE_NGINX_MODSECURITY
+	bool "nginx-modsecurity"
+	depends on BR2_INSTALL_LIBSTDCPP # libmodsecurity
+	depends on !BR2_STATIC_LIBS # libmodsecurity
+	select BR2_PACKAGE_PCRE # libmodsecurity
+	select BR2_PACKAGE_LIBMODSECURITY
+	help
+	  The ModSecurity-nginx connector is the connection
+	  point between nginx and libmodsecurity
+	  (ModSecurity v3).
+
+	  https://github.com/SpiderLabs/ModSecurity-nginx
+
+comment "nginx-modsecurity needs a toolchain w/ C++, dynamic library"
+	depends on !BR2_INSTALL_LIBSTDCPP || BR2_STATIC_LIBS
diff --git a/package/nginx-modsecurity/nginx-modsecurity.hash b/package/nginx-modsecurity/nginx-modsecurity.hash
new file mode 100644
index 0000000000..d2dd266ac1
--- /dev/null
+++ b/package/nginx-modsecurity/nginx-modsecurity.hash
@@ -0,0 +1,4 @@
+# From https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v1.0.1/modsecurity-nginx-v1.0.1.tar.gz.sha256
+sha256 def45a8db5bc9da14765eda75363457209a86c89538ccf5bfbd3aa02fa10833c modsecurity-nginx-v1.0.1.tar.gz
+# Localy calculated
+sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE
diff --git a/package/nginx-modsecurity/nginx-modsecurity.mk b/package/nginx-modsecurity/nginx-modsecurity.mk
new file mode 100644
index 0000000000..6d33403d66
--- /dev/null
+++ b/package/nginx-modsecurity/nginx-modsecurity.mk
@@ -0,0 +1,14 @@
+################################################################################
+#
+# nginx-modsecurity
+#
+################################################################################
+
+NGINX_MODSECURITY_VERSION = 1.0.1
+NGINX_MODSECURITY_SOURCE = modsecurity-nginx-v$(NGINX_MODSECURITY_VERSION).tar.gz
+NGINX_MODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v$(NGINX_MODSECURITY_VERSION)
+NGINX_MODSECURITY_LICENSE = Apache-2.0
+NGINX_MODSECURITY_LICENSE_FILES = LICENSE
+NGINX_MODSECURITY_DEPENDENCIES = libmodsecurity
+
+$(eval $(generic-package))
diff --git a/package/nginx/nginx.mk b/package/nginx/nginx.mk
index 59fddbb42e..5c828d3bb0 100644
--- a/package/nginx/nginx.mk
+++ b/package/nginx/nginx.mk
@@ -250,6 +250,11 @@ NGINX_DEPENDENCIES += nginx-naxsi
 NGINX_CONF_OPTS += --add-module=$(NGINX_NAXSI_DIR)/naxsi_src
 endif
 
+ifeq ($(BR2_PACKAGE_NGINX_MODSECURITY),y)
+NGINX_DEPENDENCIES += nginx-modsecurity
+NGINX_CONF_OPTS += --add-module=$(NGINX_MODSECURITY_DIR)
+endif
+
 # Debug logging
 NGINX_CONF_OPTS += $(if $(BR2_PACKAGE_NGINX_DEBUG),--with-debug)
 
-- 
2.20.1

[Buildroot] [PATCH v3 1/2] package/libmodsecurity: new package

[Peter Korsgaard]

>>>>> "Frank" == Frank Vanbever <frank.vanbever@essensium.com> writes:

 > The dependency on !BR2_STATIC_LIBS is due to missing Libs.private in the
 > libmodconfig pkg-config file making builds that statically link against
 > libmodsecurity fail.

 > Lua is disabled due to using the host libraries.
 > Yajl is disabled as enabling it forces the tests to be built. These tests have a
 > hard dependency on libmodsecurity.a which is not built when --disable-static is
 > used in the configuration. There is no flag to disable these tests.

 > Signed-off-by: Frank Vanbever <frank.vanbever@essensium.com>
 > ---
 > Changes v2 -> v3: nothing
 > Changes v1 -> v2:
 > - bump version to 3.0.4
 > - fix URL
 > - Move menu entry to Libraries/Networking
 > - Add reconf comment
 > - Coding style fixes
 > - cleaned up CONF_OPTS
 > - Add explicit C++ & static dependency
 > - Explicitly disabled unavailable dependencies
 > - Explicitly disabled Yajl and Lua
 > - Cleaned up dependencies

Committed, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH v3 2/2] package/nginx-modsecurity: new package

[Peter Korsgaard]

>>>>> "Frank" == Frank Vanbever <frank.vanbever@essensium.com> writes:

 > The name of the package diverges slightly from upstream to maintain
 > consistency with other nginx modules already present.
 > ---
 > Changes v2 -> v3:
 > - fixed commit message format

Committed, thanks.

-- 
Bye, Peter Korsgaard