initial buildroot for linux 5.15

This commit is contained in:
Huan.Feng
2021-12-06 14:12:13 +08:00
parent d7767d594e
commit 7b6fc358fa
12736 changed files with 508822 additions and 0 deletions
@@ -0,0 +1,63 @@
From 8ea5218b07f715e9616a846bf305633ef1b3aa2a Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sat, 14 Aug 2021 11:46:08 +0200
Subject: [PATCH] naxsi_src/naxsi_runtime.c: fix build without x_forwarded_for
x_forwarded_for is not available if realip, geo, geoip or proxy modules
aren't enabled resulting in the following build failure since version
1.1a and
https://github.com/nbs-system/naxsi/commit/07a056ccd36bc3c5c40dc17991db226cb8cf6241:
/home/buildroot/autobuild/instance-3/output-1/build/nginx-naxsi-1.3/naxsi_src/naxsi_runtime.c: In function 'ngx_http_naxsi_data_parse':
/home/buildroot/autobuild/instance-3/output-1/build/nginx-naxsi-1.3/naxsi_src/naxsi_runtime.c:2846:20: error: 'ngx_http_headers_in_t' has no member named 'x_forwarded_for'
if (r->headers_in.x_forwarded_for.nelts >= 1) {
^
Fixes:
- http://autobuild.buildroot.org/results/cdbc1536f6b5de3d4c836efa2f0dcaf0cdbb1462
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/nbs-system/naxsi/pull/568]
---
naxsi_src/naxsi_runtime.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c
index 28e0b29..6a723d2 100644
--- a/naxsi_src/naxsi_runtime.c
+++ b/naxsi_src/naxsi_runtime.c
@@ -2842,10 +2842,12 @@ ngx_http_naxsi_data_parse(ngx_http_request_ctx_t* ctx, ngx_http_request_t* r)
unsigned int n = 0;
ngx_table_elt_t** h = NULL;
ngx_array_t a;
+#if (NGX_HTTP_X_FORWARDED_FOR)
if (r->headers_in.x_forwarded_for.nelts >= 1) {
a = r->headers_in.x_forwarded_for;
n = a.nelts;
}
+#endif
if (n >= 1)
h = a.elts;
if (n >= 1) {
@@ -2879,6 +2881,7 @@ ngx_http_naxsi_update_current_ctx_status(ngx_http_request_ctx_t* ctx,
/*cr, sc, cf, ctx*/
if (cf->check_rules && ctx->special_scores) {
+#if (NGX_HTTP_X_FORWARDED_FOR)
if (r->headers_in.x_forwarded_for.nelts >= 1) {
a = r->headers_in.x_forwarded_for;
n = a.nelts;
@@ -2896,7 +2899,9 @@ ngx_http_naxsi_update_current_ctx_status(ngx_http_request_ctx_t* ctx,
memcpy(ip.data, h[0]->value.data, ip.len);
ignore = nx_can_ignore_ip(&ip, cf) || nx_can_ignore_cidr(&ip, cf);
}
- } else {
+ } else
+#endif
+ {
ngx_str_t* ip = &r->connection->addr_text;
NX_DEBUG(_debug_whitelist_ignore,
NGX_LOG_DEBUG_HTTP,
--
2.30.2
+29
View File
@@ -0,0 +1,29 @@
config BR2_PACKAGE_NGINX_NAXSI
bool "nginx-naxsi"
depends on BR2_PACKAGE_NGINX_HTTP
# uses pcre, so nginx needs to be built with pcre support
select BR2_PACKAGE_PCRE
help
NAXSI means Nginx Anti XSS & SQL Injection.
Technically, it is a third party nginx module, available as
a package for many UNIX-like platforms. This module, by
default, reads a small subset of simple (and readable) rules
containing 99% of known patterns involved in website
vulnerabilities. For example, <, | or drop are not supposed
to be part of a URI.
Being very simple, those patterns may match legitimate
queries, it is the Naxsi's administrator duty to add
specific rules that will whitelist legitimate
behaviours. The administrator can either add whitelists
manually by analyzing nginx's error log, or (recommended)
start the project with an intensive auto-learning phase that
will automatically generate whitelisting rules regarding a
website's behaviour.
In short, Naxsi behaves like a DROP-by-default firewall, the
only task is to add required ACCEPT rules for the target
website to work properly.
https://github.com/nbs-system/naxsi
+4
View File
@@ -0,0 +1,4 @@
# Locally calculated
sha256 439c8677372d2597b4360bbcc10bc86490de1fc75695b193ad5df154a214d628 nginx-naxsi-1.3.tar.gz
sha256 589ed823e9a84c56feb95ac58e7cf384626b9cbf4fda2a907bc36e103de1bad2 LICENSE
sha256 d0732bc23658db5b9749e3f9cd4fe0f9b3e132b5955adccb08821845fe2a21c8 naxsi_src/ext/libinjection/COPYING
+12
View File
@@ -0,0 +1,12 @@
################################################################################
#
# nginx-naxsi
#
################################################################################
NGINX_NAXSI_VERSION = 1.3
NGINX_NAXSI_SITE = $(call github,nbs-system,naxsi,$(NGINX_NAXSI_VERSION))
NGINX_NAXSI_LICENSE = GPL-3.0, BSD-3-Clause (libinjection)
NGINX_NAXSI_LICENSE_FILES = LICENSE naxsi_src/ext/libinjection/COPYING
$(eval $(generic-package))