On 2020/08/24 14:28, Matthias Pitzl wrote: > Hello, > > This new port is needed for adding ModSecurity support to nginx. > > Excerpt from github: > ModSecurity is an open source, cross platform web application firewall (WAF) > engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. > It has a robust event-based programming language which provides protection > from > a range of attacks against web applications and allows for HTTP traffic > monitoring, logging and real-time analys... > > I will send an updated diff for adding the libmodsecurity connector to nginx > too. > > I've sent this port a few weeks ago but haven't got an OK or further feedback > except from Stuart. > > Greetings, > Matthias
Diff below with the following: - omit SEPARATE_BUILD=no, it's the default - -std=c++11 is used in build so base-gcc doesn't work - some things are compiled with -O3 [...] $CFLAGS, remove -O3 - regen plist ... also, this (not addressed in my diff) - there's "checking for PCRE JIT... yes" - I think this it should not be enabling this, IIRC pcre's jit isn't W^X friendly - looks like pcre maybe giving the wrong answer when the autoconf check is testing for this. diff e72775d84068ee980f1030295480628dd5f900eb /usr/ports/mystuff blob - c563f91f488e9752604bcca7d1d861562ba9c12d file + security/libmodsecurity/Makefile --- security/libmodsecurity/Makefile +++ security/libmodsecurity/Makefile @@ -19,7 +19,7 @@ MASTER_SITES = https://github.com/SpiderLabs/ModSecur PERMIT_PACKAGE = Yes -COMPILER = base-clang ports-gcc base-gcc +COMPILER = base-clang ports-gcc LIB_DEPENDS = converters/libiconv \ devel/libyajl \ @@ -28,9 +28,8 @@ LIB_DEPENDS = converters/libiconv \ net/libmaxminddb \ textproc/libxml -USE_GMAKE = yes +USE_GMAKE = Yes CONFIGURE_STYLE = gnu -SEPARATE_BUILD = no CONFIGURE_ARGS = --without-lmdb \ --without-ssdeep \ blob - /dev/null file + security/libmodsecurity/patches/patch-src_Makefile_in --- security/libmodsecurity/patches/patch-src_Makefile_in +++ security/libmodsecurity/patches/patch-src_Makefile_in @@ -0,0 +1,13 @@ +$OpenBSD$ + +Index: src/Makefile.in +--- src/Makefile.in.orig ++++ src/Makefile.in +@@ -1153,7 +1153,6 @@ libmodsecurity_la_CPPFLAGS = \ + -g \ + -I../others \ + -fPIC \ +- -O3 \ + -I../headers \ + $(GEOIP_CFLAGS) \ + $(GLOBAL_CPPFLAGS) \ blob - /dev/null file + security/libmodsecurity/patches/patch-src_parser_Makefile_in --- security/libmodsecurity/patches/patch-src_parser_Makefile_in +++ security/libmodsecurity/patches/patch-src_parser_Makefile_in @@ -0,0 +1,13 @@ +$OpenBSD$ + +Index: src/parser/Makefile.in +--- src/parser/Makefile.in.orig ++++ src/parser/Makefile.in +@@ -475,7 +475,6 @@ libmodsec_parser_la_CPPFLAGS = \ + -I.. \ + -g \ + -fPIC \ +- -O3 \ + $(GEOIP_CFLAGS) \ + $(GLOBAL_CPPFLAGS) \ + $(MODSEC_NO_LOGS) \ blob - fbd57c2002681256215c6e356baff41cab80e237 file + security/libmodsecurity/pkg/PLIST --- security/libmodsecurity/pkg/PLIST +++ security/libmodsecurity/pkg/PLIST @@ -21,10 +21,9 @@ include/modsecurity/rules_properties.h include/modsecurity/transaction.h include/modsecurity/variable_origin.h include/modsecurity/variable_value.h -lib/pkgconfig/modsecurity.pc -modsecurity/ @static-lib lib/libmodsecurity.a lib/libmodsecurity.la +@lib lib/libmodsecurity.so.${LIBmodsecurity_VERSION} +lib/pkgconfig/modsecurity.pc share/modsecurity/ share/modsecurity/unicode.mapping -@lib lib/libmodsecurity.so.${LIBmodsecurity_VERSION}
