Comments (12)
Not sure, there is no OLS change required for ModSecurity 3.0.10 update. You can try build.sh.
from openlitespeed.
@litespeedtech has anyone actually tried to build OLS 1.7.17 in the last 2 weeks, since ModSecurity 3.0.10 came out? I am using build.sh to compile the source. Basically I changed nothing with my build setup and after running another build, 2 weeks ago, in order to ensure the underlying OS was updated with all security fixes, the build failed. As I dug into what changes had occurred I found that ModSecurity had a new release at the time the failure started happening.
from openlitespeed.
Some further information, the build is dying at this point:
g++: error: /build/openlitespeed-1.7.17/src/modules/modsecurity-ls/ModSecurity/src/.libs/libmodsecurity.a: No such file or directory
Basically July 10th I ran a successful build. I kicked off a build on July 26th, without making any updates to the entire Docker image build process, and it started failing when building OLS.
from openlitespeed.
OK, so I looked at the July 26th build again and actually before the ModSecurity related error I'm seeing this:
cp: cannot stat 'build/src/openlitespeed': No such file or directory
Right before that it was at the point of:
#13 2224.8 [ 8%] Linking CXX static library libedio.a
#13 2224.9 [ 8%] Built target edio
#13 2224.9 make: *** [Makefile:149: all] Error 2
This build failure on the 26th is here: https://github.com/ndigitals/ols-dockerfiles/actions/runs/5675619821/job/15464329713
The successful build on the 10th is here: https://github.com/ndigitals/ols-dockerfiles/actions/runs/5514901335/job/14930673116
from openlitespeed.
OK, so looking through those 2 builds starting at the OLS build stage, and getting to the first visible signs of failures, it appears like some issue starting with building boringssl.
#13 1839.5 # command-line-arguments
#13 1839.5 util/embed_test_data.go:81:16: undefined: os.ReadFile
#13 1839.5 util/embed_test_data.go:132:16: undefined: os.ReadFile
#13 1839.5 note: module requires Go 1.19
#13 1839.6 make[2]: *** [CMakeFiles/crypto_test_data.dir/build.make:312: crypto_test_data.cc] Error 2
#13 1839.6 make[2]: *** Deleting file 'crypto_test_data.cc'
#13 1839.6 make[1]: *** [CMakeFiles/Makefile2:611: CMakeFiles/crypto_test_data.dir/all] Error 2
#13 1839.6 make[1]: *** Waiting for unfinished jobs....
There have been a lot of changes in BoringSSL over the past few weeks (https://boringssl.googlesource.com/boringssl/+log) so I'm curious how that library is being included in the project and these recent changes are what's breaking builds.
from openlitespeed.
There are compiling errors for dependencies.
#13 2126.8 /usr/bin/ld: ../lib/.libs/libcurl.a(libcurl_la-sha256.o): in function `my_sha256_init':
#13 2126.8 sha256.c:(.text+0x10): undefined reference to `EVP_MD_CTX_create'
#13 2126.8 /usr/bin/ld: ../lib/.libs/libcurl.a(libcurl_la-sha256.o): in function `my_sha256_final':
#13 2126.8 sha256.c:(.text+0x8c): undefined reference to `EVP_MD_CTX_destroy'
#13 2126.8 /usr/bin/ld: ../lib/.libs/libcurl.a(libcurl_la-sha256.o): in function `Curl_sha256it':
#13 2126.8 sha256.c:(.text+0xac): undefined reference to `EVP_MD_CTX_create'
#13 2126.8 /usr/bin/ld: sha256.c:(.text+0xf8): undefined reference to `EVP_MD_CTX_destroy'
#13 2126.8 /usr/bin/ld: ../lib/.libs/libcurl.a(libcurl_la-openssl.o): in function `pubkey_show':
#13 2126.9 openssl.c:(.text+0x1b4): undefined reference to `BIO_get_mem_data'
#13 2126.9 /usr/bin/ld: openssl.c:(.text+0x1d4): undefined reference to `BIO_reset'
#13 2126.9 /usr/bin/ld: ../lib/.libs/libcurl.a(libcurl_la-openssl.o): in function `ossl_sha256sum':
#13 2216.2 checking for libcurl config script... no
#13 2216.2 configure: *** curl library not found.
#13 2216.2 configure: error: Curl was explicitly referenced but it was not found
#13 2216.3 make: *** No targets specified and no makefile found. Stop.
#13 2216.3 cp: cannot stat 'src/.libs/libmodsecurity.a': No such file or directory
To fix it, you need to update the third-party project to the latest.
from openlitespeed.
@litespeedtech interesting as it seems the normal build.sh script that I've been running from the source download has been pulling the third party repo sources.
from openlitespeed.
That being said I've tried to switch to using the latest 1.7.18 sources which also won't perform a successful build.
from openlitespeed.
should have been addressed.
from openlitespeed.
I ended up having no choice but to no longer build the releases from source and instead I'm now installing the arm64 binary packages of OLS. This did cause me to be unable to maintain older versions of the OLS image with patched PHP, which is not great, but I haven't received any reports of issues at this point.
from openlitespeed.
Yeah, it is not an easy task to compile all those third-party libraries. Especially, boringSSL. :-)
from openlitespeed.
Over the past week, I've been trying to compile version 1.8.0 of OLS on Ubuntu 20. Eventually, I discovered that the compilation issues were due to BoringSSL's requirement for a newer version of Go. The default Go version on Ubuntu 20 is only 1.13, while BoringSSL requires Go 1.17 or higher. Below are the steps I took to successfully install it:
First, I installed some dependencies for OLS.
sudo apt-get install build-essential libexpat1-dev libgeoip-dev libpcre3-dev zlib1g-dev libssl-dev libxml2-dev rcs libpng-dev
sudo apt-get install php php-common php-curl php-mysql php-opcache php-imap php-opcache
Next, I updated the Go source and installed the latest version of Go.
sudo add-apt-repository ppa:longsleep/golang-backports
sudo apt upgrade
sudo apt install golang-go
If you are in China, you will also need to change the Go proxy.
Add the following statements to the ~/.profile and /etc/profile files:
export GOPROXY="https://goproxy.io"
export GO111MODULE="on"
Then update the ~/.profile and /etc/profile files.
source ~/.profile
source /etc/profile
Finally, I ran ./build.sh and ./install.sh, which installed OLS successfully.
from openlitespeed.
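A preflight check for the Go toolchain requirement discussed in this thread, as an added example that is not part of the original comments or of the OLS build scripts. The function names and the `MIN_GO` default are assumptions: the thread cites both 1.17 (a comment) and 1.19 (the "module requires Go 1.19" line in the failing build log).

```shell
#!/bin/sh
# Preflight check to run before ./build.sh (added example, not part of OLS).
# MIN_GO is an assumption taken from the thread; override it as needed.
MIN_GO="${MIN_GO:-1.19}"

# Extract "1.13.8" from a line such as "go version go1.13.8 linux/amd64".
parse_go_version() {
    printf '%s\n' "$1" | sed -n 's/^go version go\([0-9][0-9.]*\).*/\1/p'
}

# version_ge A B: succeed when dotted version A >= B, comparing each field
# numerically so that 1.9 is correctly treated as older than 1.19.
version_ge() {
    a_rest="$1"; b_rest="$2"
    while [ -n "$a_rest" ] || [ -n "$b_rest" ]; do
        a="${a_rest%%.*}"; b="${b_rest%%.*}"
        case "$a_rest" in *.*) a_rest="${a_rest#*.}" ;; *) a_rest="" ;; esac
        case "$b_rest" in *.*) b_rest="${b_rest#*.}" ;; *) b_rest="" ;; esac
        a="${a:-0}"; b="${b:-0}"
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
    done
    return 0
}

# check_go LINE: LINE is the output of `go version`.
# Returns 0 if new enough, 1 if too old, 2 if the version cannot be parsed.
check_go() {
    v="$(parse_go_version "$1")"
    if [ -z "$v" ]; then
        echo "preflight: cannot parse Go version from: $1" >&2
        return 2
    fi
    if version_ge "$v" "$MIN_GO"; then
        echo "preflight: Go $v satisfies >= $MIN_GO"
        return 0
    fi
    echo "preflight: Go $v is older than $MIN_GO; BoringSSL will not build" >&2
    return 1
}

# Check the installed toolchain only when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    check_go "$(go version 2>/dev/null)" || exit 1
fi
```

Running it with `--run` as the first step of an image build makes the job stop with a clear message instead of failing much later at the `libmodsecurity.a` or `cp: cannot stat` stage.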