Page MenuHomeFreeBSD

www/nginx: Add mod_security v3 support
ClosedPublic

Authored by joneum on Jul 29 2017, 12:18 PM.

Details

Summary
  • Add mod_security v3 support

This update adds support for mod_security version 3 to nginx.
ModSecurity v3 is the next version of ModSecurity currently
under development. It is developed as a library independent of
webservers and can be used from different connectors such
as the ModSecurity-nginx module used by this port

PR: 220353
Reported by: Marius Halden <marius.h@lden.org>
Approved by: xxx (mentor)
#Differential Revision: https://reviews.freebsd.org/Dxxxxx

Test Plan

~/dev/ports/www/nginx % portlint -AC
WARN: Makefile: HTTP_ACCESSKEY appears in PORT_OPTIONS:M, but is not listed in OPTIONS_DEFINE.
WARN: Makefile: HTTP_ACCESSKEY appears in PORT_OPTIONS:M, but is not listed in OPTIONS_DEFINE.
WARN: Makefile: [505]: is USE_HTTP_DAV a user-settable option? Consider using WITH_HTTP_DAV instead.
WARN: Makefile: [928]: is USE_HTTP_REWRITE a user-settable option? Consider using WITH_HTTP_REWRITE instead.
WARN: Makefile: [1133]: is USE_HTTP_SSL a user-settable option? Consider using WITH_HTTP_SSL instead.
WARN: Makefile: [462]: IGNORE messages should begin with a lowercase letter and end without a period.
WARN: Makefile: [309]: possible direct use of command "strip" found. use ${STRIP_CMD} instead.
WARN: Makefile: possible use of absolute pathname "/var".
WARN: Makefile: possible use of absolute pathname "/etc/make.conf".
WARN: Makefile: for new port, make $FreeBSD$ tag in comment section empty, to make SVN happy.
WARN: Makefile: new ports should not set PORTREVISION.
WARN: Makefile: new ports should not set PORTEPOCH.
WARN: Makefile: use of DISTFILES with single file discouraged. distribution filename should be set by DISTNAME and EXTRACT_SUFX.
WARN: Makefile: unless this is a master port, MAINTAINER has to be set by "=", not by "?=".
WARN: Makefile: unless this is a master port, COMMENT has to be set by "=", not by "?=".
WARN: Makefile: LIB_DEPENDS don't specify the ABI version number .3 in libmodsecurity.so.3 unless it is really necessary.
WARN: Makefile: LIB_DEPENDS the new format is libFOO.so (e.g., liblibmodsecurity.so.3.so).
WARN: Makefile: DISTFILES/DISTNAME affects WRKSRC. take caution when changing them.
0 fatal errors and 18 warnings found.

poudriere testport:

10.3-amd64
10.3-i386
11.1-amd64
11.1-i386
12.0-CURRENT r320266 amd64
12.0-CURRENT r320266 i386

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

joneum created this revision.Jul 29 2017, 12:18 PM
mat added inline comments.Jul 30 2017, 9:32 PM
www/nginx/Makefile
914 ↗(On Diff #31332)

This is only needed once, maybe it could be put in the GH_TAGNAME directly.

915–917 ↗(On Diff #31332)

could be using GH_TUPLE instead of all three variables.

joneum updated this revision to Diff 31444.Aug 1 2017, 8:24 PM

switch to GH_TUPLE for www/mod_security-devel

joneum edited the test plan for this revision. (Show Details)Aug 1 2017, 8:28 PM

add new Poudriere logs

rene edited edge metadata.Aug 2 2017, 8:48 PM

The patch and logs look fine, but for completeness, do you also have a log with MODSECURITY_DEVEL turned on?

www/nginx/Makefile
231 ↗(On Diff #31444)

"3rd party", not "3ds party"

joneum added inline comments.Aug 2 2017, 9:42 PM
www/nginx/Makefile
231 ↗(On Diff #31444)

thx Rene :-)

miwi accepted this revision.Aug 4 2017, 8:00 AM
This revision is now accepted and ready to land.Aug 4 2017, 8:00 AM
This revision was automatically updated to reflect the committed changes.