www/nginx-devel: update third-party naxsi module to 1.5 (+)

Change the distribution point to GH/wargio due to inactivity in GH/nbs-system. Update patches. Bump PORTREVISION.
author: Sergey A. Osokin <osa@FreeBSD.org> 2023-09-27 14:30:56 +0000
committer: Sergey A. Osokin <osa@FreeBSD.org> 2023-09-27 14:34:40 +0000
commit: 44fdcb4c710f8980f1df24cd426abd4fb8dcf59f (patch)
tree: 31c2db18b31c617966df4156aa08b7a2c99dd7a2
parent: 2944f5e8c102df462b3f898500ab9bcbec9e01c9 (diff)
download: ports-44fdcb4c710f8980f1df24cd426abd4fb8dcf59f.tar.gz
ports-44fdcb4c710f8980f1df24cd426abd4fb8dcf59f.zip
6 files changed, 55 insertions, 31 deletions
diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile
index ca52cb1cc231..5533762cbcce 100644
--- a/www/nginx-devel/Makefile
+++ b/www/nginx-devel/Makefile
@@ -1,6 +1,6 @@
 PORTNAME?=	nginx
 PORTVERSION=	1.25.2
-PORTREVISION=	5
+PORTREVISION=	6
 CATEGORIES=	www
 MASTER_SITES=	https://nginx.org/download/ \
 		LOCAL/osa
@@ -265,6 +265,10 @@ pre-everything::
 .endif
 	@${ECHO_MSG}
 
+post-extract-NAXSI-on:
+	@${RMDIR} ${WRKSRC_naxsi}/naxsi_src/libinjection
+	@${LN} -s ${WRKSRC_libinjection} ${WRKSRC_naxsi}/naxsi_src/libinjection
+
 pre-patch-HTTPV3-on:
 	@${MV} ${WRKSRC}/README ${WRKSRC}/README.1st
 
@@ -355,7 +359,7 @@ do-install-LINK-on:
 
 do-install-NAXSI-on:
 	${INSTALL_DATA} \
-	${WRKDIR}/naxsi-${NAXSI_NGINX_VER}/naxsi_config/naxsi_core.rules \
+	${WRKDIR}/naxsi-${NAXSI_NGINX_VER}/naxsi_rules/naxsi_core.rules \
 	${STAGEDIR}${ETCDIR}
 .endif
 
diff --git a/www/nginx-devel/Makefile.extmod b/www/nginx-devel/Makefile.extmod
index 3179ad66a4b1..201b688de894 100644
--- a/www/nginx-devel/Makefile.extmod
+++ b/www/nginx-devel/Makefile.extmod
@@ -231,10 +231,12 @@ MODSECURITY3_LIB_DEPENDS=	libmodsecurity.so:security/modsecurity3
 MODSECURITY3_GH_TUPLE=		SpiderLabs:ModSecurity-nginx:v1.0.3:modsecurity3
 MODSECURITY3_VARS=		DSO_EXTMODS+=modsecurity3
 
-NAXSI_NGINX_VER=	29793dc
-NAXSI_GH_TUPLE=		nbs-system:naxsi:${NAXSI_NGINX_VER}:naxsi
+NAXSI_NGINX_VER=	1.5
+NAXSI_GH_TUPLE=		wargio:naxsi:${NAXSI_NGINX_VER}:naxsi \
+			libinjection:libinjection:51f3a96:libinjection
 NAXSI_VARS=		DSO_EXTMODS+=naxsi NAXSI_SUBDIR=/naxsi_src
-NAXSI_EXTRA_PATCHES=	${PATCHDIR}/extra-patch-naxsi_runtime.c
+NAXSI_EXTRA_PATCHES=	${PATCHDIR}/extra-patch-naxsi-libinjection__sqli_c \
+			${PATCHDIR}/extra-patch-naxsi_config
 
 NJS_GH_TUPLE=		nginx:njs:0.8.1:njs
 NJS_VARS=		DSO_EXTMODS+=njs NJS_SUBDIR=/nginx
diff --git a/www/nginx-devel/distinfo b/www/nginx-devel/distinfo
index 1f9bf0eafec8..901e2a898680 100644
--- a/www/nginx-devel/distinfo
+++ b/www/nginx-devel/distinfo
@@ -1,4 +1,4 @@
-TIMESTAMP = 1694980577
+TIMESTAMP = 1695822030
 SHA256 (nginx-1.25.2.tar.gz) = 05dd6d9356d66a74e61035f2a42162f8c754c97cf1ba64e7a801ba158d6c0711
 SIZE (nginx-1.25.2.tar.gz) = 1214903
 SHA256 (nginx_mogilefs_module-1.0.4.tar.gz) = 7ac230d30907f013dff8d435a118619ea6168aa3714dba62c6962d350c6295ae
@@ -103,8 +103,10 @@ SHA256 (openresty-memc-nginx-module-v0.19_GH0.tar.gz) = 8c2bdbe875e4f5225d0778bf
 SIZE (openresty-memc-nginx-module-v0.19_GH0.tar.gz) = 34654
 SHA256 (SpiderLabs-ModSecurity-nginx-v1.0.3_GH0.tar.gz) = 32a42256616cc674dca24c8654397390adff15b888b77eb74e0687f023c8751b
 SIZE (SpiderLabs-ModSecurity-nginx-v1.0.3_GH0.tar.gz) = 34063
-SHA256 (nbs-system-naxsi-29793dc_GH0.tar.gz) = 579df0e50ff32464f7bb152df9d93ea18c05c4aa3966ec4d8c603b5dd629be08
-SIZE (nbs-system-naxsi-29793dc_GH0.tar.gz) = 236932
+SHA256 (wargio-naxsi-1.5_GH0.tar.gz) = 811980efb5c227b29763f0d4eb9b6af096c2ebf33519664dc50004ba0bd9ab50
+SIZE (wargio-naxsi-1.5_GH0.tar.gz) = 1115759
+SHA256 (libinjection-libinjection-51f3a96_GH0.tar.gz) = 617090d8afcf3220e9e4ee00a1c76d323ce1b3212f727fc32ee75634848fb014
+SIZE (libinjection-libinjection-51f3a96_GH0.tar.gz) = 2217537
 SHA256 (nginx-njs-0.8.1_GH0.tar.gz) = 0450d9652d3cfe7dd9f802d6f790a3616e1612eef447195cd3daa5d43b395881
 SIZE (nginx-njs-0.8.1_GH0.tar.gz) = 729780
 SHA256 (opentracing-contrib-nginx-opentracing-v0.24.0_GH0.tar.gz) = 5328c5f37e0615b5252aed51b9cd40f3d14989d995ad54134076aeda4ab9b280
diff --git a/www/nginx-devel/files/extra-patch-naxsi-libinjection__sqli_c b/www/nginx-devel/files/extra-patch-naxsi-libinjection__sqli_c
new file mode 100644
index 000000000000..9aeec390a0de
--- /dev/null
+++ b/www/nginx-devel/files/extra-patch-naxsi-libinjection__sqli_c
@@ -0,0 +1,13 @@
+--- ../libinjection-51f3a96/src/libinjection_sqli.c.orig	2023-05-30 15:47:57.333208000 -0400
++++ ../libinjection-51f3a96/src/libinjection_sqli.c	2023-05-30 15:49:52.273873000 -0400
+@@ -305,8 +303,8 @@
+ static void st_assign(stoken_t * st, const char stype,
+                       size_t pos, size_t len, const char* value)
+ {
+-    const size_t MSIZE = LIBINJECTION_SQLI_TOKEN_SIZE;
+-    size_t last = len < MSIZE ? len : (MSIZE - 1);
++    const size_t NAXSI_MSIZE = LIBINJECTION_SQLI_TOKEN_SIZE;
++    size_t last = len < NAXSI_MSIZE ? len : (NAXSI_MSIZE - 1);
+     st->type = (char) stype;
+     st->pos = pos;
+     st->len = last;
diff --git a/www/nginx-devel/files/extra-patch-naxsi_config b/www/nginx-devel/files/extra-patch-naxsi_config
new file mode 100644
index 000000000000..a73cf8f4e085
--- /dev/null
+++ b/www/nginx-devel/files/extra-patch-naxsi_config
@@ -0,0 +1,26 @@
+--- ../naxsi-1.5/naxsi_src/config.orig	2023-09-27 09:43:18.644606000 -0400
++++ ../naxsi-1.5/naxsi_src/config	2023-09-27 09:44:37.585970000 -0400
+@@ -24,11 +24,6 @@
+ "
+ 
+ # try to use libinjection as system library
+-LIBINJECTION_CFLAGS="$(pkg-config --cflags libinjection)"
+-LIBINJECTION_LIBS="$(pkg-config --libs libinjection)"
+-LIBINJECTION_FOUND="$?"
+-
+-if [ "$LIBINJECTION_FOUND" != "0" ]; then
+     if [ ! -d "$ngx_addon_dir/libinjection/src/" ]; then
+         echo "Cannot find 'libinjection' submodule."
+         exit 1;
+@@ -43,11 +38,6 @@
+         naxsi_sources="$naxsi_sources $ngx_addon_dir/libinjection_ngxbuild/$src_file"
+     done;
+     CFLAGS="$CFLAGS -DLIBINJECTION_VERSION=0 -I$ngx_addon_dir/libinjection_ngxbuild/"
+-else
+-    echo "Using system libinjection"
+-    CFLAGS="$CFLAGS $LIBINJECTION_CFLAGS"
+-    ngx_feature_libs="$LIBINJECTION_LIBS"
+-fi
+ 
+ # NGINX module condfiguration.
+ ngx_addon_name=naxsi
diff --git a/www/nginx-devel/files/extra-patch-naxsi_runtime.c b/www/nginx-devel/files/extra-patch-naxsi_runtime.c
deleted file mode 100644
index c08dd1f92540..000000000000
--- a/www/nginx-devel/files/extra-patch-naxsi_runtime.c
+++ /dev/null
@@ -1,23 +0,0 @@
---- ../naxsi-29793dc/naxsi_src/naxsi_runtime.c.orig	2022-07-10 18:11:39.685243000 -0400
-+++ ../naxsi-29793dc/naxsi_src/naxsi_runtime.c	2022-07-10 18:14:53.935554000 -0400
-@@ -9,6 +9,11 @@
- #include "naxsi_macros.h"
- #include "naxsi_net.h"
- 
-+#if (NGX_PCRE2)
-+#include <pcre2.h>
-+#else
-+#include <pcre.h>
-+#endif
- /* used to store locations during the configuration time.
-    then, accessed by the hashtable building feature during "init" time. */
- 
-@@ -181,7 +186,7 @@
- unsigned char*
- ngx_utf8_check(ngx_str_t* str);
- 
--#if defined nginx_version && (nginx_version >= 1021005)
-+#if (NGX_PCRE2)
- /*
-  * variables to use pcre2
-  */
author	Sergey A. Osokin <osa@FreeBSD.org>	2023-09-27 14:30:56 +0000
committer	Sergey A. Osokin <osa@FreeBSD.org>	2023-09-27 14:34:40 +0000
commit	44fdcb4c710f8980f1df24cd426abd4fb8dcf59f (patch)
tree	31c2db18b31c617966df4156aa08b7a2c99dd7a2
parent	2944f5e8c102df462b3f898500ab9bcbec9e01c9 (diff)
download	ports-44fdcb4c710f8980f1df24cd426abd4fb8dcf59f.tar.gz ports-44fdcb4c710f8980f1df24cd426abd4fb8dcf59f.zip