Support ModSecurity-nginx #54

Open
wants to merge 2 commits into
base: master
10 changes: 10 additions & 0 deletions rpm/SOURCES/modsecurity.pc
@@ -0,0 +1,10 @@
prefix=/usr/local/openresty/modsecurity
exec_prefix=${prefix}
libdir=@libdir@
includedir=${prefix}/include

Name: ModSecurity
Description: ModSecurity API
Version: 3.0.4
Cflags: -I${prefix}/include
Libs: -L@libdir@ -lmodsecurity
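Review bot: `prefix` and `Version` are hard-coded in this file while only `@libdir@` is substituted at install time, so the .pc file will drift from the spec on the next version bump or prefix change. `includedir` is defined but `Cflags` spells out `${prefix}/include`, and `libdir` is defined but `Libs` repeats `@libdir@`. Suggest `Cflags: -I${includedir}` and `Libs: -L${libdir} -lmodsecurity`, plus `@prefix@` and `@version@` placeholders filled in by the same `sed` call in the spec that already handles `@libdir@`.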
153 changes: 153 additions & 0 deletions rpm/SPECS/openresty-modsecurity.spec
@@ -0,0 +1,153 @@
Name: openresty-modsecurity
Version: 3.0.4
Release: 1%{?dist}
Summary: A library that loads/interprets rules written in the ModSecurity SecRules

License: ASL 2.0
URL: https://www.modsecurity.org/

Source0: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-v%{version}.tar.gz

# Back-port of the pkg-config file expected in the 3.0.3 release
Source1: modsecurity.pc

# Drop needless patch for 3.0.4
#Patch0: ModSecurity_cookie_parsing_fix_303.patch

BuildRequires: gcc-c++
BuildRequires: make
BuildRequires: flex
BuildRequires: bison
BuildRequires: git-core
BuildRequires: ssdeep-devel
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(yajl)
# Disable curl explicitly because of undefined reference with EVP_KDF_xxx
# It is defined in libssh system library.
#BuildRequires: pkgconfig(libcurl)
BuildRequires: pkgconfig(geoip)
BuildRequires: pkgconfig(libpcre)
BuildRequires: pkgconfig(lmdb)

# libinjection is supposed to be bundled (same as with mod_security 2.x)
# See: https://github.com/client9/libinjection#embedding
Provides: bundled(libinjection) = 3.9.2

%define orprefix %{_usr}/local/openresty
%define zlib_prefix %{orprefix}/zlib
%define pcre_prefix %{orprefix}/pcre
%define openssl_prefix %{orprefix}/openssl111
%define modsecurity_prefix %{orprefix}/modsecurity

%description
Libmodsecurity is one component of the ModSecurity v3 project.
The library codebase serves as an interface to ModSecurity Connectors
taking in web traffic and applying traditional ModSecurity processing.
In general, it provides the capability to load/interpret rules written
in the ModSecurity SecRules format and apply them to HTTP content provided
by your application via Connectors.


%package devel
Summary: Development files for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}

%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.

%package static
Summary: Development files for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}

%description static
The %{name}-static package contains static libraries for developing
applications that use %{name}.



%prep
%autosetup -n modsecurity-v%{version} -S git


%build
export LD_LIBRARY_PATH=%{zlib_prefix}/lib:%{pcre_prefix}/lib:%{openssl_prefix}/lib
%configure --prefix=%{modsecurity_prefix} \
--bindir=%{modsecurity_prefix}/bin \
--libdir=%{modsecurity_prefix}/lib \
--includedir=%{modsecurity_prefix}/include \
--with-curl=no \
--with-lmdb
%make_build


%install
%make_install

# see Source1 above
mkdir -p %{buildroot}%{modsecurity_prefix}/lib/pkgconfig
sed s:@libdir@:%{modsecurity_prefix}/lib: <%{S:1} >%{buildroot}%{modsecurity_prefix}/lib/pkgconfig/modsecurity.pc



%files
%doc README.md AUTHORS
%{modsecurity_prefix}/lib/*.so.*
%{modsecurity_prefix}/bin/*
%license LICENSE

%files devel
%doc README.md AUTHORS
%{modsecurity_prefix}/include/*
%{modsecurity_prefix}/lib/*.so
%{modsecurity_prefix}/lib/pkgconfig
%license LICENSE

%files static
%{modsecurity_prefix}/lib/*.a
%{modsecurity_prefix}/lib/*.la


%changelog
* Wed Jan 6 2021 Kentaro Hayashi <[email protected]> - 3.0.4-1
- Update to 3.0.4.

* Sat Mar 21 2020 Othman Madjoudj <[email protected]> - 3.0.2-6
- Fix DoS vulnerability (CVE-2019-19886, RHBZ #1801720 / #1801719)

* Fri Feb 01 2019 Fedora Release Engineering <[email protected]> - 3.0.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Fri Oct 19 2018 Dridi Boukelmoune <[email protected]> - 3.0.2-4
- Back-port of modsecurity.pc

* Fri Jul 13 2018 Fedora Release Engineering <[email protected]> - 3.0.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Sun Apr 29 2018 Athmane Madjoudj <[email protected]> - 3.0.2-2
- Rebuild after PR#1

* Sat Apr 14 2018 Athmane Madjoudj <[email protected]> - 3.0.2-1
- Update to 3.0.2 (rhbz #1563219)

* Wed Feb 07 2018 Fedora Release Engineering <[email protected]> - 3.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Sun Jan 21 2018 Athmane Madjoudj <[email protected]> - 3.0.0-1
- Update to 3.0.0 final release
- Drop upstreamed patch
- Add some new BRs

* Sun Oct 22 2017 Athmane Madjoudj <[email protected]> - 3.0.0-0.2.rc1
- Add a patch to fix the build on non-x86 arch

* Fri Sep 01 2017 Athmane Madjoudj <[email protected]> - 3.0.0-0.1.rc1
- Fix release tag

* Wed Aug 30 2017 Athmane Madjoudj <[email protected]> - 3.0.0-0.rc1
- Update to RC1
- Fix some spec issues

* Mon Feb 22 2016 Athmane Madjoudj <[email protected]> 3.0-0.git
- Initial release
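Review bot: `--with-curl=no` in `%build`, together with the commented-out `BuildRequires: pkgconfig(libcurl)`, removes libcurl-backed features such as `SecRemoteRules` from this WAF library, and the comment only says the link failed on `EVP_KDF_xxx`. Please state in the spec which features are lost so operators know what the package cannot do. `%build` also exports `LD_LIBRARY_PATH` with `%{openssl_prefix}/lib` in it, so it is worth checking whether the undefined reference comes from system libraries resolving against OpenResty's OpenSSL instead of the system one. Smaller points: the `Source1` comment still refers to the 3.0.3 release while `Version` is 3.0.4, the `static` subpackage reuses the `devel` Summary, and nothing in the spec checks `Source0` against a checksum or signature before building.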

18 changes: 15 additions & 3 deletions rpm/SPECS/openresty.spec
Expand Up @@ -16,8 +16,11 @@ Source0: https://openresty.org/download/openresty-%{version}.tar.gz
%define use_systemd 1
%endif

%define modsecurity_nginx_version v1.0.1

Source1: openresty.service
Source2: openresty.init
Source3: https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/%{modsecurity_nginx_version}/modsecurity-nginx-%{modsecurity_nginx_version}.tar.gz

BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
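Review bot: `Source3` pulls the connector tarball from GitHub and nothing in this hunk pins its checksum or verifies a signature, which matters for code that ends up compiled into the nginx binary. Suggest recording the expected SHA-256 alongside the source and checking it in `%prep` before unpacking. Also, `modsecurity_nginx_version` carries the leading `v`, so the macro cannot be reused where a bare version number is needed; defining it as `1.0.1` and writing `v%{modsecurity_nginx_version}` in the URL would be clearer.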

Expand All @@ -26,6 +29,9 @@ BuildRequires: ccache, gcc, make, perl, systemtap-sdt-devel
BuildRequires: openresty-zlib-devel >= 1.2.11-3
BuildRequires: openresty-openssl111-devel >= 1.1.1h-1
BuildRequires: openresty-pcre-devel >= 8.44-1
%if 0%{?centos} >= 7
BuildRequires: openresty-modsecurity-devel
%endif
Requires: openresty-zlib >= 1.2.11-3
Requires: openresty-openssl111 >= 1.1.1h-1
Requires: openresty-pcre >= 8.44-1
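Review bot: `BuildRequires: openresty-modsecurity-devel` is wrapped in `%if 0%{?centos} >= 7`, but no matching runtime `Requires: openresty-modsecurity` is added to the `Requires:` block right below it. The next hunk header shows `AutoReqProv: no`, so RPM will not derive the dependency from the linked library and the package can be installed without libmodsecurity present. The `%prep` and `%build` changes in this PR use ModSecurity unconditionally, so either drop the `%if` here or guard those changes with the same condition.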
Expand Down Expand Up @@ -62,6 +68,7 @@ AutoReqProv: no
%define zlib_prefix %{orprefix}/zlib
%define pcre_prefix %{orprefix}/pcre
%define openssl_prefix %{orprefix}/openssl111
%define modsecurity_prefix %{orprefix}/modsecurity


%description
Expand Down Expand Up @@ -96,6 +103,7 @@ a single box.
mkdir -p "${RPM_BUILD_ROOT}/usr/src/debug/openresty-%{version}"; \
mkdir -p "${RPM_BUILD_ROOT}/usr/src/debug/tmp"; \
mkdir -p "${RPM_BUILD_ROOT}/usr/src/debug/builddir"; \
mkdir -p "${RPM_BUILD_ROOT}/usr/src/debug/modsecurity-nginx-%{modsecurity_nginx_version}";
%{nil}

%endif
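Review bot: the added `mkdir -p ".../modsecurity-nginx-%{modsecurity_nginx_version}";` line ends with `;` and no trailing `\`, unlike the three `mkdir` lines above it. If this sits inside a backslash-continued macro body, the body now ends on this line and `%{nil}` falls outside it. Please end the line with `; \` to match the others.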
Expand All @@ -122,7 +130,6 @@ Requires: perl(File::Spec), perl(FindBin), perl(List::Util), perl(Getopt::
BuildArch: noarch
%endif


%description resty
This package contains the "resty" command-line utility for OpenResty, which
runs OpenResty Lua scripts on the terminal using a headless NGINX behind the
Expand Down Expand Up @@ -187,15 +194,19 @@ This package provides the client side tool, opm, for OpenResty Pakcage Manager (


%prep
tar xf %{SOURCE3}
%setup -q -n "openresty-%{version}"


%build
export MODSECURITY_INC=%{modsecurity_prefix}/include
export MODSECURITY_LIB=%{modsecurity_prefix}/lib
export YAJL_LIB=%{_libdir}
./configure \
--prefix="%{orprefix}" \
--with-cc='ccache gcc -fdiagnostics-color=always' \
--with-cc-opt="-DNGX_LUA_ABORT_AT_PANIC -I%{zlib_prefix}/include -I%{pcre_prefix}/include -I%{openssl_prefix}/include" \
--with-ld-opt="-L%{zlib_prefix}/lib -L%{pcre_prefix}/lib -L%{openssl_prefix}/lib -Wl,-rpath,%{zlib_prefix}/lib:%{pcre_prefix}/lib:%{openssl_prefix}/lib" \
--with-cc-opt="-DNGX_LUA_ABORT_AT_PANIC -I%{zlib_prefix}/include -I%{pcre_prefix}/include -I%{openssl_prefix}/include -I%{modsecurity_prefix}/include -I%{_includedir}" \
--with-ld-opt="-L%{zlib_prefix}/lib -L%{pcre_prefix}/lib -L%{openssl_prefix}/lib -L%{modsecurity_prefix}/lib -Wl,-rpath,%{zlib_prefix}/lib:%{pcre_prefix}/lib:%{openssl_prefix}/lib:%{modsecurity_prefix}/lib -L%{_libdir}" \
--with-pcre-jit \
--without-http_rds_json_module \
--without-http_rds_csv_module \
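Review bot: the new `--with-cc-opt` and `--with-ld-opt` values append `-I%{_includedir}` and `-L%{_libdir}`, which opens the system include and library directories to the whole OpenResty build, not only to the ModSecurity connector. With those in the search path, a missing `openresty-*` development package can be satisfied from the system copy instead of failing the build. If this is only needed for yajl, please say so in a comment and add the corresponding `BuildRequires`; `YAJL_LIB` is exported here but this spec gains no yajl dependency. In `%prep`, the bare `tar xf %{SOURCE3}` ahead of `%setup` could be written as `%setup -q -n "openresty-%{version}" -b 3`, which unpacks the extra source before changing directory and keeps the step inside the macro.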
Expand All @@ -222,6 +233,7 @@ This package provides the client side tool, opm, for OpenResty Pakcage Manager (
--with-threads \
--with-compat \
--with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT' \
--add-module=../modsecurity-nginx-%{modsecurity_nginx_version} \
%{?_smp_mflags}

make %{?_smp_mflags}
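Review bot: `--add-module=../modsecurity-nginx-%{modsecurity_nginx_version}` compiles the connector statically into every `openresty` binary, so all users of the package carry libmodsecurity and its dependencies whether or not they enable the WAF. The configure line already has `--with-compat`; consider `--add-dynamic-module` and shipping the resulting `.so` in a separate subpackage so the dependency is opt-in. The relative `../` path also depends on the manual `tar xf` in `%prep` landing next to the `openresty-%{version}` directory, which deserves a comment.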