From: Peter Seiderer <ps.report@gmx.net>
To: buildroot@buildroot.org
Cc: Samuel Martin <s.martin49@gmail.com>
Subject: [Buildroot] [PATCH v1 3/3] package/nginx-naxsi: bump version to d714f16
Date: Fri, 14 Apr 2023 23:35:04 +0200 [thread overview]
Message-ID: <20230414213504.14634-3-ps.report@gmx.net> (raw)
In-Reply-To: <20230414213504.14634-1-ps.report@gmx.net>
Update to latest upstream git version, fixes compile failure since
nginx-1.23.0:
src/event/ngx_event_udp.h:38:27: error: field ‘pkt6’ has incomplete type
38 | struct in6_pktinfo pkt6;
| ^~~~
.../nginx-naxsi-1.3/naxsi_src/naxsi_runtime.c:2925:36: error: ‘r->headers_in.x_forwarded_for’ is a pointer; did you mean to use ‘->’?
2925 | if (r->headers_in.x_forwarded_for.nelts >= 1) {
| ^
| ->
- remove 0001-naxsi_src-naxsi_runtime.c-fix-build-without-x_forwar.patch
(upstream commit, see [1])
- remove 0002-PCRE2-compatibility.patch
(upstream commit, see [2])
Changelog (since 1.3):
- a2add9f docs: fix simple typo, registred -> registered (#538)
- aa9da98 Fix #541 - Removing useless assert.
- fbe6ffd Some includes are required for OpenBSD (#545)
- 296583f naxsi_src/naxsi_runtime.c: fix build without x_forwarded_for (#568)
- fe5df20 redirect naxsi log to a separate log file (#563)
- c81a4e3 parse HTTP PATCH requests and associated tests (#595)
- 2937c44 PCRE2 compatibility (#587)
- d714f16 Fixes NGINX >= v.1.23.0 (all credits @lubomudr) (#598)
[1] https://github.com/nbs-system/naxsi/commit/296583f06ba5c43cc859e01fd3c0ae1271eef0ce
[2] https://github.com/nbs-system/naxsi/commit/2937c44276cba21601ade4e265d32515f570d68c
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
...runtime.c-fix-build-without-x_forwar.patch | 63 -----
.../0002-PCRE2-compatibility.patch | 221 ------------------
package/nginx-naxsi/nginx-naxsi.hash | 2 +-
package/nginx-naxsi/nginx-naxsi.mk | 2 +-
4 files changed, 2 insertions(+), 286 deletions(-)
delete mode 100644 package/nginx-naxsi/0001-naxsi_src-naxsi_runtime.c-fix-build-without-x_forwar.patch
delete mode 100644 package/nginx-naxsi/0002-PCRE2-compatibility.patch
diff --git a/package/nginx-naxsi/0001-naxsi_src-naxsi_runtime.c-fix-build-without-x_forwar.patch b/package/nginx-naxsi/0001-naxsi_src-naxsi_runtime.c-fix-build-without-x_forwar.patch
deleted file mode 100644
index 238a01923d..0000000000
--- a/package/nginx-naxsi/0001-naxsi_src-naxsi_runtime.c-fix-build-without-x_forwar.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 8ea5218b07f715e9616a846bf305633ef1b3aa2a Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Sat, 14 Aug 2021 11:46:08 +0200
-Subject: [PATCH] naxsi_src/naxsi_runtime.c: fix build without x_forwarded_for
-
-x_forwarded_for is not available if realip, geo, geoip or proxy modules
-aren't enabled resulting in the following build failure since version
-1.1a and
-https://github.com/nbs-system/naxsi/commit/07a056ccd36bc3c5c40dc17991db226cb8cf6241:
-
-/home/buildroot/autobuild/instance-3/output-1/build/nginx-naxsi-1.3/naxsi_src/naxsi_runtime.c: In function 'ngx_http_naxsi_data_parse':
-/home/buildroot/autobuild/instance-3/output-1/build/nginx-naxsi-1.3/naxsi_src/naxsi_runtime.c:2846:20: error: 'ngx_http_headers_in_t' has no member named 'x_forwarded_for'
- if (r->headers_in.x_forwarded_for.nelts >= 1) {
- ^
-
-Fixes:
- - http://autobuild.buildroot.org/results/cdbc1536f6b5de3d4c836efa2f0dcaf0cdbb1462
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: https://github.com/nbs-system/naxsi/pull/568]
----
- naxsi_src/naxsi_runtime.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c
-index 28e0b29..6a723d2 100644
---- a/naxsi_src/naxsi_runtime.c
-+++ b/naxsi_src/naxsi_runtime.c
-@@ -2842,10 +2842,12 @@ ngx_http_naxsi_data_parse(ngx_http_request_ctx_t* ctx, ngx_http_request_t* r)
- unsigned int n = 0;
- ngx_table_elt_t** h = NULL;
- ngx_array_t a;
-+#if (NGX_HTTP_X_FORWARDED_FOR)
- if (r->headers_in.x_forwarded_for.nelts >= 1) {
- a = r->headers_in.x_forwarded_for;
- n = a.nelts;
- }
-+#endif
- if (n >= 1)
- h = a.elts;
- if (n >= 1) {
-@@ -2879,6 +2881,7 @@ ngx_http_naxsi_update_current_ctx_status(ngx_http_request_ctx_t* ctx,
-
- /*cr, sc, cf, ctx*/
- if (cf->check_rules && ctx->special_scores) {
-+#if (NGX_HTTP_X_FORWARDED_FOR)
- if (r->headers_in.x_forwarded_for.nelts >= 1) {
- a = r->headers_in.x_forwarded_for;
- n = a.nelts;
-@@ -2896,7 +2899,9 @@ ngx_http_naxsi_update_current_ctx_status(ngx_http_request_ctx_t* ctx,
- memcpy(ip.data, h[0]->value.data, ip.len);
- ignore = nx_can_ignore_ip(&ip, cf) || nx_can_ignore_cidr(&ip, cf);
- }
-- } else {
-+ } else
-+#endif
-+ {
- ngx_str_t* ip = &r->connection->addr_text;
- NX_DEBUG(_debug_whitelist_ignore,
- NGX_LOG_DEBUG_HTTP,
---
-2.30.2
-
diff --git a/package/nginx-naxsi/0002-PCRE2-compatibility.patch b/package/nginx-naxsi/0002-PCRE2-compatibility.patch
deleted file mode 100644
index aa3df4dff7..0000000000
--- a/package/nginx-naxsi/0002-PCRE2-compatibility.patch
+++ /dev/null
@@ -1,221 +0,0 @@
-From 2937c44276cba21601ade4e265d32515f570d68c Mon Sep 17 00:00:00 2001
-From: Danila Vershinin <ciapnz@gmail.com>
-Date: Thu, 16 Jun 2022 01:22:23 +0300
-Subject: [PATCH] PCRE2 compatibility (#587)
-
-* Fix: use pcre2 when building with nginx >= 1.21.5
-
-I've tried to compile naxsi 1.3 as module for nginx 1.21.6, and got the error:
-
-error: invalid use of incomplete typedef 'ngx_regex_t' {aka 'struct pcre2_real_code_8'}
- 205 | (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
-
-I found this issue report: Ref: https://github.com/nbs-system/naxsi/issues/580
-then i tried to solve the pcre2 compatibility issue.
-
-I've included an helper function that is 'copied' from: https://github.com/nginx/nginx/blob/master/src/core/ngx_regex.c#L393
-that it is called in place of 'pcre_exec' when nginx_version >= 1021005
-
-Not sure if this is the best solution, but I managed to build naxsi 1.3 as module for nginx 1.21.6 succesfully, and it seems to work well.
-
-I'm not used to develop in C anymore (since 25 years ago, at least!), but I hope that this patch I made can help anybody else.
-
-* Added a check for nginx_version >= 1021005
-
-Added a check for nginx_version >= 1021005 to avoid helper function definition on older versions
-
-* Use NGX_PCRE2 conditional
-
-Update naxsi.h
-
-Don't include pcre.h in order for compilation to work both against pcre and pcre2
-
-Fix pcre vs pcre2 compilation
-
-Co-authored-by: laluigino <99279306+laluigino@users.noreply.github.com>
-[Retrieved from:
-https://github.com/nbs-system/naxsi/commit/2937c44276cba21601ade4e265d32515f570d68c]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- naxsi_src/naxsi.h | 1 -
- naxsi_src/naxsi_config.c | 9 ++++-
- naxsi_src/naxsi_runtime.c | 82 ++++++++++++++++++++++++++++++++++++++-
- naxsi_src/naxsi_utils.c | 8 ++++
- 4 files changed, 96 insertions(+), 4 deletions(-)
-
-diff --git a/naxsi_src/naxsi.h b/naxsi_src/naxsi.h
-index 53df1bd8..b2f5c1a5 100644
---- a/naxsi_src/naxsi.h
-+++ b/naxsi_src/naxsi.h
-@@ -19,7 +19,6 @@
- #include <ngx_http.h>
- #include <ngx_http_core_module.h>
- #include <ngx_md5.h>
--#include <pcre.h>
-
- extern ngx_module_t ngx_http_naxsi_module;
-
-diff --git a/naxsi_src/naxsi_config.c b/naxsi_src/naxsi_config.c
-index 4ea15567..6d2f0e23 100644
---- a/naxsi_src/naxsi_config.c
-+++ b/naxsi_src/naxsi_config.c
-@@ -322,8 +322,11 @@ naxsi_zone(ngx_conf_t* r, ngx_str_t* tmp, ngx_http_rule_t* rule)
-
- custom_rule->target_rx = ngx_pcalloc(r->pool, sizeof(ngx_regex_compile_t));
- return_value_if(!custom_rule->target_rx, NGX_CONF_ERROR);
--
-+#if (NGX_PCRE2)
-+ custom_rule->target_rx->options = PCRE2_CASELESS | PCRE2_MULTILINE;
-+#else
- custom_rule->target_rx->options = PCRE_CASELESS | PCRE_MULTILINE;
-+#endif
- custom_rule->target_rx->pattern = custom_rule->target;
- custom_rule->target_rx->pool = r->pool;
- custom_rule->target_rx->err.len = 0;
-@@ -442,7 +445,11 @@ naxsi_rx(ngx_conf_t* r, ngx_str_t* tmp, ngx_http_rule_t* rule)
- ha.len = tmp->len - strlen(RX_T);
- rgc = ngx_pcalloc(r->pool, sizeof(ngx_regex_compile_t));
- return_value_if(!rgc, NGX_CONF_ERROR);
-+#if (NGX_PCRE2)
-+ rgc->options = PCRE2_CASELESS | PCRE2_MULTILINE;
-+#else
- rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
-+#endif
- rgc->pattern = ha;
- rgc->pool = r->pool;
- rgc->err.len = 0;
-diff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c
-index d548ce37..784852b0 100644
---- a/naxsi_src/naxsi_runtime.c
-+++ b/naxsi_src/naxsi_runtime.c
-@@ -181,6 +181,75 @@ ngx_http_naxsi_rawbody_parse(ngx_http_request_ctx_t* ctx,
- unsigned char*
- ngx_utf8_check(ngx_str_t* str);
-
-+#if defined nginx_version && (nginx_version >= 1021005)
-+/*
-+ * variables to use pcre2
-+ */
-+static pcre2_match_data *ngx_pcre2_match_data;
-+static ngx_uint_t ngx_pcre2_match_data_size;
-+
-+/*
-+ * helper function to use pcre2
-+ */
-+ngx_int_t
-+ngx_pcre2_exec(ngx_regex_t *re, unsigned char* str, unsigned int len, ngx_int_t tmp_idx, int *captures, ngx_uint_t size)
-+{
-+ size_t *ov;
-+ ngx_int_t rc;
-+ ngx_uint_t n, i;
-+
-+ /*
-+ * The pcre2_match() function might allocate memory for backtracking
-+ * frames, typical allocations are from 40k and above. So the allocator
-+ * is configured to do direct allocations from heap during matching.
-+ */
-+
-+ if (ngx_pcre2_match_data == NULL
-+ || size > ngx_pcre2_match_data_size)
-+ {
-+ /*
-+ * Allocate a match data if not yet allocated or smaller than
-+ * needed.
-+ */
-+
-+ if (ngx_pcre2_match_data) {
-+ pcre2_match_data_free(ngx_pcre2_match_data);
-+ }
-+
-+ ngx_pcre2_match_data_size = size;
-+ ngx_pcre2_match_data = pcre2_match_data_create(size / 3, NULL);
-+
-+ if (ngx_pcre2_match_data == NULL) {
-+ rc = PCRE2_ERROR_NOMEMORY;
-+ goto failed;
-+ }
-+ }
-+
-+ rc = pcre2_match(re, str, len, tmp_idx, 0, ngx_pcre2_match_data, NULL);
-+
-+ if (rc < 0) {
-+ goto failed;
-+ }
-+
-+ n = pcre2_get_ovector_count(ngx_pcre2_match_data);
-+ ov = pcre2_get_ovector_pointer(ngx_pcre2_match_data);
-+
-+ if (n > size / 3) {
-+ n = size / 3;
-+ }
-+
-+ for (i = 0; i < n; i++) {
-+ captures[i * 2] = ov[i * 2];
-+ captures[i * 2 + 1] = ov[i * 2 + 1];
-+ }
-+
-+failed:
-+
-+ return rc;
-+
-+}
-+#endif
-+
- /*
- ** in : string to inspect, associated rule
- ** does : apply the rule on the string, return 1 if matched,
-@@ -201,7 +270,14 @@ ngx_http_process_basic_rule_buffer(ngx_str_t* str, ngx_http_rule_t* rl, ngx_int_
- tmp_idx = 0;
- len = str->len;
- while
--#if defined nginx_version && (nginx_version >= 1002002 && nginx_version != 1003000)
-+#if (NGX_PCRE2)
-+ (tmp_idx < len && (match = ngx_pcre2_exec(rl->br->rx->regex,
-+ str->data,
-+ str->len,
-+ tmp_idx,
-+ captures,
-+ 30)) >= 0)
-+#elif defined nginx_version && (nginx_version >= 1002002 && nginx_version != 1003000)
- (tmp_idx < len && (match = pcre_exec(rl->br->rx->regex->code,
- 0,
- (const char*)str->data,
-@@ -496,7 +572,9 @@ ngx_http_naxsi_pcre_wrapper(ngx_regex_compile_t* rx, unsigned char* str, unsigne
- int match;
- int captures[30];
-
--#if defined nginx_version && (nginx_version >= 1002002 && nginx_version != 1003000)
-+#if (NGX_PCRE2)
-+ match = ngx_pcre2_exec(rx->regex, str, len, 0, captures, 1);
-+#elif defined nginx_version && (nginx_version >= 1002002 && nginx_version != 1003000)
- match = pcre_exec(rx->regex->code, 0, (const char*)str, len, 0, 0, captures, 1);
- #elif defined nginx_version && (nginx_version > 1001011)
- match = pcre_exec(rx->regex->pcre, 0, (const char*)str, len, 0, 0, captures, 1);
-diff --git a/naxsi_src/naxsi_utils.c b/naxsi_src/naxsi_utils.c
-index e3d6f185..d2ecedec 100644
---- a/naxsi_src/naxsi_utils.c
-+++ b/naxsi_src/naxsi_utils.c
-@@ -800,7 +800,11 @@ ngx_http_naxsi_create_hashtables_n(ngx_http_naxsi_loc_conf_t* dlc, ngx_conf_t* c
- ngx_pcalloc(cf->pool, sizeof(ngx_regex_compile_t));
- rgc = custloc_array(curr_r->br->custom_locations->elts)[name_idx].target_rx;
- if (rgc) {
-+#if (NGX_PCRE2)
-+ rgc->options = PCRE2_CASELESS | PCRE2_MULTILINE;
-+#else
- rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
-+#endif
- rgc->pattern = custloc_array(curr_r->br->custom_locations->elts)[name_idx].target;
- rgc->pool = cf->pool;
- rgc->err.len = 0;
-@@ -816,7 +820,11 @@ ngx_http_naxsi_create_hashtables_n(ngx_http_naxsi_loc_conf_t* dlc, ngx_conf_t* c
- ngx_pcalloc(cf->pool, sizeof(ngx_regex_compile_t));
- rgc = custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target_rx;
- if (rgc) {
-+#if (NGX_PCRE2)
-+ rgc->options = PCRE2_CASELESS | PCRE2_MULTILINE;
-+#else
- rgc->options = PCRE_CASELESS | PCRE_MULTILINE;
-+#endif
- rgc->pattern = custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target;
- rgc->pool = cf->pool;
- rgc->err.len = 0;
diff --git a/package/nginx-naxsi/nginx-naxsi.hash b/package/nginx-naxsi/nginx-naxsi.hash
index 4712ede2af..a724941b25 100644
--- a/package/nginx-naxsi/nginx-naxsi.hash
+++ b/package/nginx-naxsi/nginx-naxsi.hash
@@ -1,4 +1,4 @@
# Locally calculated
-sha256 439c8677372d2597b4360bbcc10bc86490de1fc75695b193ad5df154a214d628 nginx-naxsi-1.3.tar.gz
+sha256 dbe2177411457f1cba98ee4673ce31876994ad06bdce5ecc0ee66384ef0e420e nginx-naxsi-d714f1636ea49a9a9f4f06dba14aee003e970834.tar.gz
sha256 589ed823e9a84c56feb95ac58e7cf384626b9cbf4fda2a907bc36e103de1bad2 LICENSE
sha256 d0732bc23658db5b9749e3f9cd4fe0f9b3e132b5955adccb08821845fe2a21c8 naxsi_src/ext/libinjection/COPYING
diff --git a/package/nginx-naxsi/nginx-naxsi.mk b/package/nginx-naxsi/nginx-naxsi.mk
index 2dba8ad589..84d167a663 100644
--- a/package/nginx-naxsi/nginx-naxsi.mk
+++ b/package/nginx-naxsi/nginx-naxsi.mk
@@ -4,7 +4,7 @@
#
################################################################################
-NGINX_NAXSI_VERSION = 1.3
+NGINX_NAXSI_VERSION = d714f1636ea49a9a9f4f06dba14aee003e970834
NGINX_NAXSI_SITE = $(call github,nbs-system,naxsi,$(NGINX_NAXSI_VERSION))
NGINX_NAXSI_LICENSE = GPL-3.0, BSD-3-Clause (libinjection)
NGINX_NAXSI_LICENSE_FILES = LICENSE naxsi_src/ext/libinjection/COPYING
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2023-04-14 21:35 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-14 21:35 [Buildroot] [PATCH v1 1/3] package/nginx: change project and download URL to https Peter Seiderer
2023-04-14 21:35 ` [Buildroot] [PATCH v1 2/3] package/nginx: bump version to 1.24.0 Peter Seiderer
2023-04-15 11:52 ` Yann E. MORIN
2023-04-14 21:35 ` Peter Seiderer [this message]
2023-04-15 11:56 ` [Buildroot] [PATCH v1 3/3] package/nginx-naxsi: bump version to d714f16 Yann E. MORIN
2023-04-15 11:52 ` [Buildroot] [PATCH v1 1/3] package/nginx: change project and download URL to https Yann E. MORIN
2023-04-23 9:09 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230414213504.14634-3-ps.report@gmx.net \
--to=ps.report@gmx.net \
--cc=buildroot@buildroot.org \
--cc=s.martin49@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox