tjh.dev
nixpkgs mirror (for testing)
github.com/NixOS/nixpkgs
nix
modsecurity_standalone: 2.9.3 -> 2.9.6
Fixes CVE-2021-42717.
https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6
https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.5
https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.4
+30
-25
+17
pkgs/tools/security/modsecurity/Makefile.am.patch
+17
pkgs/tools/security/modsecurity/Makefile.am.patch
···
1
+
--- a/apache2/Makefile.am
2
+
+++ b/apache2/Makefile.am
3
+
@@ -179,7 +179,6 @@ install-exec-hook: $(pkglib_LTLIBRARIES)
4
+
for m in $(pkglib_LTLIBRARIES); do \
5
+
base=`echo $$m | sed 's/\..*//'`; \
6
+
rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \
7
+
- install -D -m444 $(DESTDIR)$(pkglibdir)/$$base.so $(DESTDIR)$(APXS_MODULES)/$$base.so; \
8
+
done
9
+
else
10
+
install-exec-hook: $(pkglib_LTLIBRARIES)
11
+
@@ -187,6 +186,5 @@ install-exec-hook: $(pkglib_LTLIBRARIES)
12
+
for m in $(pkglib_LTLIBRARIES); do \
13
+
base=`echo $$m | sed 's/\..*//'`; \
14
+
rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \
15
+
- cp -p $(DESTDIR)$(pkglibdir)/$$base.so $(DESTDIR)$(APXS_MODULES); \
16
+
done
17
+
endif
-17
pkgs/tools/security/modsecurity/Makefile.in.patch
-17
pkgs/tools/security/modsecurity/Makefile.in.patch
···
1
-
--- a/apache2/Makefile.in 2017-10-10 09:45:51.000000000 -0400
2
-
+++ b/apache2/Makefile.in 2017-10-10 09:46:04.000000000 -0400
3
-
@@ -1208,14 +1208,12 @@
4
-
@LINUX_TRUE@ for m in $(pkglib_LTLIBRARIES); do \
5
-
@LINUX_TRUE@ base=`echo $$m | sed 's/\..*//'`; \
6
-
@LINUX_TRUE@ rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \
7
-
-@LINUX_TRUE@ install -D -m444 $(DESTDIR)$(pkglibdir)/$$base.so $(DESTDIR)$(APXS_MODULES)/$$base.so; \
8
-
@LINUX_TRUE@ done
9
-
@LINUX_FALSE@install-exec-hook: $(pkglib_LTLIBRARIES)
10
-
@LINUX_FALSE@ @echo "Removing unused static libraries..."; \
11
-
@LINUX_FALSE@ for m in $(pkglib_LTLIBRARIES); do \
12
-
@LINUX_FALSE@ base=`echo $$m | sed 's/\..*//'`; \
13
-
@LINUX_FALSE@ rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \
14
-
-@LINUX_FALSE@ cp -p $(DESTDIR)$(pkglibdir)/$$base.so $(DESTDIR)$(APXS_MODULES); \
15
-
@LINUX_FALSE@ done
16
-
17
-
# Tell versions [3.59,3.63) of GNU make to not export all variables.
+13
-8
pkgs/tools/security/modsecurity/default.nix
+13
-8
pkgs/tools/security/modsecurity/default.nix
···
1
-
{ stdenv, lib, fetchurl, pkg-config
1
+
{ stdenv, lib, fetchFromGitHub, pkg-config, autoreconfHook
2
2
, curl, apacheHttpd, pcre, apr, aprutil, libxml2
3
-
, luaSupport ? false, lua5
3
+
, luaSupport ? false, lua5, perl
4
4
}:
5
5
6
6
with lib;
···
11
11
12
12
stdenv.mkDerivation rec {
13
13
pname = "modsecurity";
14
-
version = "2.9.3";
14
+
version = "2.9.6";
15
15
16
-
src = fetchurl {
17
-
url = "https://www.modsecurity.org/tarball/${version}/${pname}-${version}.tar.gz";
18
-
sha256 = "0611nskd2y6yagrciqafxdn4rxbdk2v4swf45kc1sgwx2sfh34j1";
16
+
src = fetchFromGitHub {
17
+
owner = "SpiderLabs";
18
+
repo = pname;
19
+
rev = "v${version}";
20
+
sha256 = "sha256-C/D/UWaI4GsXjfhLmNnYhRJoUvlsps1551SqhmZUc/4=";
19
21
};
20
22
21
-
nativeBuildInputs = [ pkg-config ];
23
+
nativeBuildInputs = [ pkg-config autoreconfHook ];
22
24
buildInputs = [ curl apacheHttpd pcre apr aprutil libxml2 ] ++
23
25
optional luaSupport lua5;
24
26
···
39
37
outputs = ["out" "nginx"];
40
38
# by default modsecurity's install script copies compiled output to httpd's modules folder
41
39
# this patch removes those lines
42
-
patches = [ ./Makefile.in.patch ];
40
+
patches = [ ./Makefile.am.patch ];
41
+
42
+
doCheck = true;
43
+
checkInputs = [ perl ];
43
44
44
45
postInstall = ''
45
46
mkdir -p $nginx