fix CVE-2022-1304 for autoconf, add missing load_module for ngx_stream_lua_module.so and fix missing -lpcre in configure step
This commit is contained in:
parent
01fab41620
commit
5e31b6c4ae
|
@ -54,7 +54,7 @@ RUN apk add --no-cache bash && \
|
|||
chmod 770 /var/log/letsencrypt /var/lib/letsencrypt
|
||||
|
||||
# Fix CVEs
|
||||
RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" "git>=2.36.5-r0" "curl>=7.87.0-r2" "libcurl>=7.87.0-r2"
|
||||
RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" "git>=2.36.5-r0" "curl>=7.87.0-r2" "libcurl>=7.87.0-r2" "libcom_err>=1.46.6-r0"
|
||||
|
||||
VOLUME /data /etc/nginx
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@ load_module /usr/share/bunkerweb/modules/ngx_http_lua_module.so;
|
|||
load_module /usr/share/bunkerweb/modules/ngx_http_modsecurity_module.so;
|
||||
load_module /usr/share/bunkerweb/modules/ngx_http_brotli_filter_module.so;
|
||||
load_module /usr/share/bunkerweb/modules/ngx_http_brotli_static_module.so;
|
||||
load_module /usr/share/bunkerweb/modules/ngx_stream_lua_module.so;
|
||||
|
||||
# PID file
|
||||
pid /var/tmp/bunkerweb/nginx.pid;
|
||||
|
|
|
@ -127,10 +127,10 @@ do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/lua-resty-env/src/resty/env.lua /
|
|||
echo "ℹ️ Compiling and installing dynamic modules"
|
||||
CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')"
|
||||
CONFARGS="${CONFARGS/-Os -fomit-frame-pointer -g/-Os}"
|
||||
CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt=-Wl/--with-ld-opt='-lpcre -Wl'/")"
|
||||
if [ "$OS" = "fedora" ] ; then
|
||||
CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='.*'/--with-ld-opt=-lpcre/" | sed "s/--with-cc-opt='.*'//")"
|
||||
fi
|
||||
CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='/--with-ld-opt='-lpcre /")"
|
||||
# if [ "$OS" = "fedora" ] ; then
|
||||
# CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='.*'/--with-ld-opt=-lpcre/" | sed "s/--with-cc-opt='.*'//")"
|
||||
# fi
|
||||
echo '#!/bin/bash' > "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerweb/deps/src/ModSecurity-nginx --add-dynamic-module=/tmp/bunkerweb/deps/src/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerweb/deps/src/lua-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_brotli --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_devel_kit --add-dynamic-module=/tmp/bunkerweb/deps/src/stream-lua-nginx-module" >> "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
do_and_check_cmd chmod +x "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
|
|
Loading…
Reference in New Issue