initial buildroot for linux 5.15
This commit is contained in:
@@ -0,0 +1,63 @@
|
||||
From 8ea5218b07f715e9616a846bf305633ef1b3aa2a Mon Sep 17 00:00:00 2001
|
||||
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
Date: Sat, 14 Aug 2021 11:46:08 +0200
|
||||
Subject: [PATCH] naxsi_src/naxsi_runtime.c: fix build without x_forwarded_for
|
||||
|
||||
x_forwarded_for is not available if realip, geo, geoip or proxy modules
|
||||
aren't enabled resulting in the following build failure since version
|
||||
1.1a and
|
||||
https://github.com/nbs-system/naxsi/commit/07a056ccd36bc3c5c40dc17991db226cb8cf6241:
|
||||
|
||||
/home/buildroot/autobuild/instance-3/output-1/build/nginx-naxsi-1.3/naxsi_src/naxsi_runtime.c: In function 'ngx_http_naxsi_data_parse':
|
||||
/home/buildroot/autobuild/instance-3/output-1/build/nginx-naxsi-1.3/naxsi_src/naxsi_runtime.c:2846:20: error: 'ngx_http_headers_in_t' has no member named 'x_forwarded_for'
|
||||
if (r->headers_in.x_forwarded_for.nelts >= 1) {
|
||||
^
|
||||
|
||||
Fixes:
|
||||
- http://autobuild.buildroot.org/results/cdbc1536f6b5de3d4c836efa2f0dcaf0cdbb1462
|
||||
|
||||
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
[Upstream status: https://github.com/nbs-system/naxsi/pull/568]
|
||||
---
|
||||
naxsi_src/naxsi_runtime.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/naxsi_src/naxsi_runtime.c b/naxsi_src/naxsi_runtime.c
|
||||
index 28e0b29..6a723d2 100644
|
||||
--- a/naxsi_src/naxsi_runtime.c
|
||||
+++ b/naxsi_src/naxsi_runtime.c
|
||||
@@ -2842,10 +2842,12 @@ ngx_http_naxsi_data_parse(ngx_http_request_ctx_t* ctx, ngx_http_request_t* r)
|
||||
unsigned int n = 0;
|
||||
ngx_table_elt_t** h = NULL;
|
||||
ngx_array_t a;
|
||||
+#if (NGX_HTTP_X_FORWARDED_FOR)
|
||||
if (r->headers_in.x_forwarded_for.nelts >= 1) {
|
||||
a = r->headers_in.x_forwarded_for;
|
||||
n = a.nelts;
|
||||
}
|
||||
+#endif
|
||||
if (n >= 1)
|
||||
h = a.elts;
|
||||
if (n >= 1) {
|
||||
@@ -2879,6 +2881,7 @@ ngx_http_naxsi_update_current_ctx_status(ngx_http_request_ctx_t* ctx,
|
||||
|
||||
/*cr, sc, cf, ctx*/
|
||||
if (cf->check_rules && ctx->special_scores) {
|
||||
+#if (NGX_HTTP_X_FORWARDED_FOR)
|
||||
if (r->headers_in.x_forwarded_for.nelts >= 1) {
|
||||
a = r->headers_in.x_forwarded_for;
|
||||
n = a.nelts;
|
||||
@@ -2896,7 +2899,9 @@ ngx_http_naxsi_update_current_ctx_status(ngx_http_request_ctx_t* ctx,
|
||||
memcpy(ip.data, h[0]->value.data, ip.len);
|
||||
ignore = nx_can_ignore_ip(&ip, cf) || nx_can_ignore_cidr(&ip, cf);
|
||||
}
|
||||
- } else {
|
||||
+ } else
|
||||
+#endif
|
||||
+ {
|
||||
ngx_str_t* ip = &r->connection->addr_text;
|
||||
NX_DEBUG(_debug_whitelist_ignore,
|
||||
NGX_LOG_DEBUG_HTTP,
|
||||
--
|
||||
2.30.2
|
||||
|
||||
@@ -0,0 +1,29 @@
|
||||
config BR2_PACKAGE_NGINX_NAXSI
|
||||
bool "nginx-naxsi"
|
||||
depends on BR2_PACKAGE_NGINX_HTTP
|
||||
# uses pcre, so nginx needs to be built with pcre support
|
||||
select BR2_PACKAGE_PCRE
|
||||
help
|
||||
NAXSI means Nginx Anti XSS & SQL Injection.
|
||||
|
||||
Technically, it is a third party nginx module, available as
|
||||
a package for many UNIX-like platforms. This module, by
|
||||
default, reads a small subset of simple (and readable) rules
|
||||
containing 99% of known patterns involved in website
|
||||
vulnerabilities. For example, <, | or drop are not supposed
|
||||
to be part of a URI.
|
||||
|
||||
Being very simple, those patterns may match legitimate
|
||||
queries, it is the Naxsi's administrator duty to add
|
||||
specific rules that will whitelist legitimate
|
||||
behaviours. The administrator can either add whitelists
|
||||
manually by analyzing nginx's error log, or (recommended)
|
||||
start the project with an intensive auto-learning phase that
|
||||
will automatically generate whitelisting rules regarding a
|
||||
website's behaviour.
|
||||
|
||||
In short, Naxsi behaves like a DROP-by-default firewall, the
|
||||
only task is to add required ACCEPT rules for the target
|
||||
website to work properly.
|
||||
|
||||
https://github.com/nbs-system/naxsi
|
||||
@@ -0,0 +1,4 @@
|
||||
# Locally calculated
|
||||
sha256 439c8677372d2597b4360bbcc10bc86490de1fc75695b193ad5df154a214d628 nginx-naxsi-1.3.tar.gz
|
||||
sha256 589ed823e9a84c56feb95ac58e7cf384626b9cbf4fda2a907bc36e103de1bad2 LICENSE
|
||||
sha256 d0732bc23658db5b9749e3f9cd4fe0f9b3e132b5955adccb08821845fe2a21c8 naxsi_src/ext/libinjection/COPYING
|
||||
@@ -0,0 +1,12 @@
|
||||
################################################################################
|
||||
#
|
||||
# nginx-naxsi
|
||||
#
|
||||
################################################################################
|
||||
|
||||
NGINX_NAXSI_VERSION = 1.3
|
||||
NGINX_NAXSI_SITE = $(call github,nbs-system,naxsi,$(NGINX_NAXSI_VERSION))
|
||||
NGINX_NAXSI_LICENSE = GPL-3.0, BSD-3-Clause (libinjection)
|
||||
NGINX_NAXSI_LICENSE_FILES = LICENSE naxsi_src/ext/libinjection/COPYING
|
||||
|
||||
$(eval $(generic-package))
|
||||
Reference in New Issue
Block a user