Cant compile with JSON support using YAJL 2

[rpfilomeno]

On Centos 6.5, I have compiled yajl-2.1.0 from source and then tried to compile modsecurity-2.8.0 but ./configure --with-yajl returns:

-- snip-- checking for libyajl config script... no checking for yajl install... no configure: optional yajl library not found --snip--

I also tried to install yajl-devel-1.0.7-3.el6.x86_64 via yum but got same result.

When enabled on apache, everything seems to work except for JSON support which shows on the apache error log as ModSecurity: JSON support was not enabled

[zimmerle]

Hi @rpfilomeno,

Are you using --with-yajl=PATH? do you mind to share your config.log via gist (https://gist.github.com/)?

Br., F.

[rpfilomeno]

Here is the yajl make and the modsecurity ./configure --with-yajl=/usr/local/include/yajl outputs: https://gist.github.com/rpfilomeno/360b9f485c54fd264638

I noticed in find_yajl.m4 that its looking for yajl.h but under /usr/local/include/yajl I only got yajl_common.h, yajl_gen.h, yajl_parse.h, yajl_tree.h and yajl_version.h

[zimmerle]

Hi @rpfilomeno,

it seem to be a bug, it should be looking for: yajl_parse.h

Let me fix this.

[zimmerle]

@rpfilomeno fix is on our buildbots, just checking if it is not breaking any other platform.

Can you test the branch: https://github.com/SpiderLabs/ModSecurity/tree/fix_find_yajl ?

Thanks, F.

[rpfilomeno]

Confirmed able to to build on Centos 6.5 64bit with ./configure --with-yajl="/usr/local/lib /usr/local"

Note: If you get an error "libyajl.so.2: cannot open shared object file: No such file or directory" when reloading Apache; this is not a problem with ModSecurity. It is caused by Yajl library in the wrong path. Just link it to the proper directory, see: https://gist.github.com/rpfilomeno/1140359f4bd360137a98

Thanks

[zimmerle]

thank you for the report. patch is merged into our mainline.

[z-vr]

I still cannot compile:

ls /usr/local/yajl-2.1/include/yajl/ yajl_common.h yajl_gen.h yajl_parse.h yajl_tree.h yajl_version.h ./configure --with-yajl=/usr/local/yajl-2.1

checking for libyajl config script... no checking for yajl install... no configure: optional yajl library not found

[zimmerle]

Hi @z-vr which version of ModSecurity are you trying?

[z-vr]

hi @zimmerle I used the test branch that you referenced above.

[zimmerle]

Hi @z-vr, those modifications are already merged on the top of our latest release candidate.

Can you try it? https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.0-rc2

If it does not work, can you please paste the config.log into a gist (https://gist.github.com/) and share the link?

[z-vr]

sure https://gist.github.com/z-vr/4f68cb80c4598483200e

ls /usr/local/yajl-2.1/ bin include lib share

ls /usr/local/yajl-2.1/lib libyajl_s.a libyajl.so libyajl.so.2 libyajl.so.2.1.0

s /usr/local/yajl-2.1/include/yajl/ -halt -rw-r--r-- 1 root staff 363 Dec 14 07:59 yajl_version.h -rw-r--r-- 1 root staff 2.6K Mar 19 2014 yajl_common.h -rw-r--r-- 1 root staff 6.9K Mar 19 2014 yajl_gen.h -rw-r--r-- 1 root staff 9.6K Mar 19 2014 yajl_parse.h -rw-r--r-- 1 root staff 7.1K Mar 19 2014 yajl_tree.h

[toddmichael]

@zimmerle, still running into issues with this. It should work, but it doesn't. Excerpts below:

configure

[root@7f54d68b5240 mod_security-2.9.0]# ./configure --prefix=/opt/modsecurity --with-yajl=/usr/include/yajl
...
checking for libyajl config script... no
checking for yajl install... no
configure: optional yajl library not found

proof of yajl

[root@7f54d68b5240 mod_security-2.9.0]# rpm -qa | grep yajl
yajl-devel-1.0.7-3.el6.x86_64
yajl-1.0.7-3.el6.x86_64

[root@7f54d68b5240 mod_security-2.9.0]# ls -al /usr/include/yajl
total 28
drwxr-xr-x  2 root root 4096 Mar 12 05:12 .
drwxr-xr-x 48 root root 4096 Mar 12 05:12 ..
-rw-r--r--  1 root root 3136 Oct 29  2009 yajl_common.h
-rw-r--r--  1 root root 5638 Oct 29  2009 yajl_gen.h
-rw-r--r--  1 root root 7900 Oct 29  2009 yajl_parse.h

I've confirmed that I'm working with the correct version of find_yajl.m4 but it just doesn't work. Any clues? @z-vr, were you able to get this to work? Our symptoms appear the same.

I need to get this resolved in short order so gonna keep hacking away at it. I'll definitely update the thread if I figure it out.

update

Just noticed that the CentOS RPMs for yajl are 1.x. Yikes. Gonna explore that angle and report back.

[toddmichael]

Downloaded, compiled and installed latest yajl (2.1.1) and then adjusted to reflect new path. Same result. This doesn't work. Appreciate some guidance here. Gonna just disable JSON in the meantime.

[zimmerle]

Hi @toddmichael, do you mind to share your config.log ?

[dukuilanu]

I too cannot compile this with yajl on centos 64bit. here is the config.log https://gist.github.com/dukuilanu/38eb730dbdb9141a3c78 yajl 2.1.1 was compiled from scratch and the centos rpm's were installed, no difference. also tried many different with-yajl= paths. I am using the RC2 package linked to above.

[csanders-git]

Please try using the example suggested above './configure --with-yajl="/usr/local/lib /usr/local"'

[ken-bell]

I got modsecurity-2.9.0 to build by setting the environment variable "PKG_CONFIG_PATH=/opt/lloyd-yajl-66cb08c/share/pkgconfig". The "configure" script is looking for the file "yajl.pc" and that happens to be where it exists on my system. That was after I built and installed the "lloyd-yajl-66cb08c" package into that directory of course.

[barryhatfield]

I am using CentOS 6 and just encountered the same issue as a few people above. I tried the solutions in the thread, but they did not work for me. My solution was: ./configure in a fresh dir install yajl 2.1.0 and devel rpms found here: http://pkgs.org/centos-6/atomic-x86_64/atomic-yajl-yajl-devel-2.1.0-4.el6.art.x86_64.rpm.html symlink /opt/atomic/atomic-yajl/root/usr/lib64/libyajl.so.2 to /usr/lib64/libyajl.so.2 ldd mod_security2.so in your httpd/modules dir to verify libyajl is found

[systeminsightsbuild]

I have tried every option above and always:

checking for libyajl config script... no
checking for yajl install... no
configure: optional yajl library not found

Did I miss the resolution? Because I don't see anybody noting that they had success.

using modsecurty 2.9.1 on ubuntu 14.04

[zimmerle]

Hi @systeminsightsbuild,

Can you confirm that you have installed on your system the following packages:

• libyajl2
• libyajl-dev

[detailyang]

For centos 6

CentOS release 6.8 (Final)
Kernel \r on an \m

I suggest all guys do the following steps:

wget http://github.com/lloyd/yajl/tarball/2.1.0 -O yajl-2.1.0.tar.gz
cd lloyd-yajl-66cb08c
./configure && make -j8 && make install

# carefully, it's import to export PKG_CONFIG_PATH to tell the pkg-config the info about yajl
export PKG_CONFIG_PATH=/usr/local/share/pkgconfig:PKG_CONFIG_PATH

# now you can compile libmodsecurity
./configure --with-yajl="/usr/local/"

[csanders-git]

A previously reported solution dictates the use of ./configure --with-yajl="/usr/local/lib /usr/local". I wanted to explain why this works and why we won't need this in v3. This works because the configure script isn't very versatile. While looking for the yajl 'include' directory it will scan providedpath/yajl_parse.h. When it doesn't find that it will check for providedpath/yajl/includes/yajl_parse.h, providedpath/includes/yajl_parse.h, and providedpath/yajl2/includes/yajl_parse.h. In general one of these will be found as this file is typically under includes somewhere. However, when modsec looks for the library path it doesn't use the same logic. Instead it only checks for providedpath/libyajl.so.x. In the above case it would never check providedpath/lib/libyajl.so.x (or in the case of /usr/local/lib the separate directory it was put into) and fail. So in these cases we can leverage the fact that we can put multiple paths into our option, one for the library location, and one for the top level and when the top level is provided it will correctly find the includes folder.

Oh well moral of the story is that this logic is fixed in v3 because find_yajl has been rewritten substantially. If you are having problems finding YAJL because you didn't install it to a default location or the package didn't come with a .pc, then you will probably need to include the top level directory AND the subfolder for /lib/ in the path. Happy hunting!

only looks for providedpath/lib/libyajl.so.x. The include lib doesn't preserve the yajl directory structure for the include folder and so it is never able to set it.

[aspyct]

This fixed the issue for me, on Debian Buster (inside docker):

--with-yajl="/usr/lib/x86_64-linux-gnu/ /usr/include/yajl"