kumquat-buildroot/package/libmodsecurity/libmodsecurity.mk
Frank Vanbever 670329f057 package/libmodsecurity: security bump to version 3.0.10
- Fixes CVE-2023-38285 [1]
- Adapted 0001-configure.ac-drop-usage-of-git-at-configure-time.patch due to
  upstream moving to autoconf portable shell constructs.

Signed-off-by: Frank Vanbever <frank.vanbever@mind.be>

[1] https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/

Signed-off-by: Frank Vanbever <frank.vanbever@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-08-24 20:55:47 +02:00

67 lines
1.9 KiB
Makefile

################################################################################
#
# libmodsecurity
#
################################################################################
LIBMODSECURITY_VERSION = 3.0.10
LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz
LIBMODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION)
LIBMODSECURITY_INSTALL_STAGING = YES
LIBMODSECURITY_LICENSE = Apache-2.0
LIBMODSECURITY_LICENSE_FILES = LICENSE
LIBMODSECURITY_CPE_ID_VENDOR = trustwave
LIBMODSECURITY_CPE_ID_PRODUCT = modsecurity
# We're patching configure.ac
LIBMODSECURITY_AUTORECONF = YES
LIBMODSECURITY_DEPENDENCIES = pcre2
LIBMODSECURITY_CONF_OPTS = \
--without-pcre \
--with-pcre2="$(STAGING_DIR)/usr" \
--disable-examples \
--without-lmdb \
--without-ssdeep \
--without-lua \
--without-yajl
ifeq ($(BR2_PACKAGE_LIBXML2),y)
LIBMODSECURITY_DEPENDENCIES += libxml2
LIBMODSECURITY_CONF_OPTS += --with-libxml="$(STAGING_DIR)/usr/bin/xml2-config"
else
LIBMODSECURITY_CONF_OPTS += --without-libxml
endif
ifeq ($(BR2_PACKAGE_LIBCURL),y)
LIBMODSECURITY_DEPENDENCIES += libcurl
LIBMODSECURITY_CONF_OPTS += --with-curl="$(STAGING_DIR)/usr/bin/curl-config"
else
LIBMODSECURITY_CONF_OPTS += --without-curl
endif
ifeq ($(BR2_PACKAGE_GEOIP),y)
LIBMODSECURITY_DEPENDENCIES += geoip
LIBMODSECURITY_CONF_OPTS += --with-geoip
else
LIBMODSECURITY_CONF_OPTS += --without-geoip
endif
ifeq ($(BR2_PACKAGE_LIBMAXMINDDB),y)
LIBMODSECURITY_DEPENDENCIES += libmaxminddb
LIBMODSECURITY_CONF_OPTS += --with-maxmind
else
LIBMODSECURITY_CONF_OPTS += --without-maxmind
endif
LIBMODSECURITY_CXXFLAGS = $(TARGET_CXXFLAGS)
# m68k_cf can't use -fPIC that libmodsecurity forces to use, so we need
# to disable it to avoid a build failure.
ifeq ($(BR2_m68k_cf),y)
LIBMODSECURITY_CXXFLAGS += -fno-PIC
endif
LIBMODSECURITY_CONF_OPTS += CXXFLAGS="$(LIBMODSECURITY_CXXFLAGS)"
$(eval $(autotools-package))