package/modsecurity2: new package

The modsecurity2 package provides an Apache module implementing
a web application firewall (WAF) module.

Based on initial work from Tom Marcuzzi <tom.marcuzzi@orolia.com>
and Nicolas Carrier <nicolas.carrier@orolia.com>

modsecurity2 will be superseeded sooner or later by modsecurity v3
ie. libmodsecurity [1] and its Apache connector [2]. libmodsecurity
is already supported in Buildroot with its Nginx connector.
According to the Apache connector web page and the discussion [3],
the Apache connector is not ready for production use.

  [1] https://github.com/SpiderLabs/ModSecurity
  [2] https://github.com/SpiderLabs/ModSecurity-apache
  [3] https://github.com/SpiderLabs/ModSecurity-apache/issues/80

The best we can do now is to still use modsecurity2 (v2.9.x) for
Apache:
  https://github.com/SpiderLabs/ModSecurity/tree/v2/master

Signed-off-by: Herve Codina <herve.codina@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

DEVELOPERS

@@ -1160,6 +1160,7 @@ F:	package/dtbocfg/
 F:	package/libdbi/
 F:	package/libdbi-drivers/
 F:	package/lua-augeas/
+F:	package/modsecurity2/
 F:	support/testing/tests/package/test_dtbocfg.py
 F:	support/testing/tests/package/test_lua_augeas.py
 
@@ -2019,6 +2020,7 @@ F:	package/bmap-tools/
 F:	package/libdbi/
 F:	package/libdbi-drivers/
 F:	package/lua-augeas/
+F:	package/modsecurity2/
 F:	package/php-pecl-dbus/
 F:	package/php-xdebug/
 F:	package/python-augeas/

package/Config.in

@@ -2114,6 +2114,11 @@ menu "Networking applications"
 	source "package/aircrack-ng/Config.in"
 	source "package/aoetools/Config.in"
 	source "package/apache/Config.in"
+if BR2_PACKAGE_APACHE
+menu "External Apache modules"
+	source "package/modsecurity2/Config.in"
+endmenu
+endif
 	source "package/argus/Config.in"
 	source "package/arp-scan/Config.in"
 	source "package/arptables/Config.in"

package/modsecurity2/Config.in

@@ -0,0 +1,13 @@
+config BR2_PACKAGE_MODSECURITY2
+	bool "modsecurity2"
+	depends on BR2_PACKAGE_APACHE
+	select BR2_PACKAGE_LIBXML2
+	select BR2_PACKAGE_PCRE
+	help
+	  ModSecurity is an open source, cross-platform web application
+	  firewall (WAF) module. Known as the "Swiss Army Knife" of
+	  WAFs, it enables web application defenders to gain visibility
+	  into HTTP(S) traffic and provides a power rules language and
+	  API to implement advanced protections.
+
+	  https://github.com/SpiderLabs/ModSecurity

package/modsecurity2/modsecurity2.hash

@@ -0,0 +1,3 @@
+# Locally computed
+sha256  686695c650449a338757711254ea78c67dedb1d258e03e5c8686f869388fff8c  modsecurity2-2.9.4.tar.gz
+sha256  2c564f5a67e49e74c80e5a7dcacd1904e7408f1fd6a95218b38c04f012d94cb9  LICENSE

package/modsecurity2/modsecurity2.mk

@@ -0,0 +1,26 @@
+################################################################################
+#
+# modsecurity2
+#
+################################################################################
+
+MODSECURITY2_VERSION = 2.9.4
+MODSECURITY2_SITE = $(call github,SpiderLabs,ModSecurity,v$(MODSECURITY2_VERSION))
+MODSECURITY2_LICENSE = Apache-2.0
+MODSECURITY2_LICENSE_FILES = LICENSE
+MODSECURITY2_INSTALL_STAGING = YES
+MODSECURITY2_DEPENDENCIES = apache libxml2 pcre
+MODSECURITY2_AUTORECONF = YES
+
+MODSECURITY2_CONF_OPTS = \
+	--with-pcre=$(STAGING_DIR)/usr/bin/pcre-config \
+	--with-libxml=$(STAGING_DIR)/usr \
+	--with-apr=$(STAGING_DIR)/usr/bin/apr-1-config \
+	--with-apu=$(STAGING_DIR)/usr/bin/apu-1-config \
+	--with-apxs=$(STAGING_DIR)/usr/bin/apxs \
+	--without-curl \
+	--without-lua \
+	--without-yajl \
+	--without-ssdeep
+
+$(eval $(autotools-package))