php-pecl-taint.spec


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299

# remirepo spec file for php-pecl-taint
#
# Copyright (c) 2015-2020 Remi Collet
# License: CC-BY-SA
# http://creativecommons.org/licenses/by-sa/4.0/
#
# Please, preserve the changelog entries
#
%if 0%{?scl:1}
%global sub_prefix %{scl_prefix}
%scl_package        php-pecl-taint
%endif

%global gh_commit   4b76d9f1a4189d25dd9dbf9681732a4e0a9b0b48
%global gh_short    %(c=%{gh_commit}; echo ${c:0:7})
%global gh_owner    laruence
%global gh_project  taint
#global gh_date     20180627
%global pecl_name   taint
%global with_zts    0%{!?_without_zts:%{?__ztsphp:1}}
%global ini_name    40-%{pecl_name}.ini

Summary:       XSS code sniffer
Name:          %{?sub_prefix}php-pecl-taint
Version:       2.1.0
%if 0%{?gh_date:1}
Release:       0.3.%{gh_date}.%{gh_short}%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
Source0:       https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{gh_project}-%{version}-%{gh_short}.tar.gz
%else
Release:       1%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
Source0:       https://pecl.php.net/get/%{pecl_name}-%{version}.tgz
%endif
License:       PHP
URL:           https://github.com/%{gh_owner}/%{gh_project}

Patch1:        https://patch-diff.githubusercontent.com/raw/laruence/taint/pull/68.patch

BuildRequires: %{?dtsprefix}gcc
BuildRequires: %{?scl_prefix}php-devel > 7
BuildRequires: %{?scl_prefix}php-pear
BuildRequires: %{?scl_prefix}php-pdo
BuildRequires: %{?scl_prefix}php-pdo_sqlite
BuildRequires: %{?scl_prefix}php-sqlite3

Requires:      %{?scl_prefix}php(zend-abi) = %{php_zend_api}
Requires:      %{?scl_prefix}php(api) = %{php_core_api}
%{?_sclreq:Requires: %{?scl_prefix}runtime%{?_sclreq}%{?_isa}}

%if "%{?vendor}" == "Remi Collet" && 0%{!?scl:1} && 0%{?rhel}
%if "%{php_version}" > "7.2"
Obsoletes:     php72u-pecl-%{pecl_name} <= %{version}
Obsoletes:     php72w-pecl-%{pecl_name} <= %{version}
%endif
%if "%{php_version}" > "7.3"
Obsoletes:     php73-pecl-%{pecl_name}  <= %{version}
Obsoletes:     php73w-pecl-%{pecl_name} <= %{version}
%endif
%if "%{php_version}" > "7.4"
Obsoletes:     php74-pecl-%{pecl_name}  <= %{version}
Obsoletes:     php74w-pecl-%{pecl_name} <= %{version}
%endif
%endif

Provides:       %{?scl_prefix}php-%{pecl_name}               = %{version}
Provides:       %{?scl_prefix}php-%{pecl_name}%{?_isa}       = %{version}
Provides:       %{?scl_prefix}php-pecl(%{pecl_name})         = %{version}
Provides:       %{?scl_prefix}php-pecl(%{pecl_name})%{?_isa} = %{version}
%if "%{?scl_prefix}" != "%{?sub_prefix}"
Provides:       %{?scl_prefix}php-pecl-%{pecl_name}          = %{version}-%{release}
Provides:       %{?scl_prefix}php-pecl-%{pecl_name}%{?_isa}  = %{version}-%{release}
%endif

%if 0%{?fedora} < 20 && 0%{?rhel} < 7
# Filter shared private
%{?filter_provides_in: %filter_provides_in %{_libdir}/.*\.so$}
%{?filter_setup}
%endif


%description
An extension used for detecting XSS codes(tainted string),
And also can be used to spot sql injection vulnerabilities, shell inject, etc.

This extension is still EXPERIMENTAL.

Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')%{?scl: as Software Collection (%{scl} by %{?scl_vendor}%{!?scl_vendor:rh})}.


%prep
%setup -qc
%if 0%{?gh_date:1}
mv %{gh_project}-%{gh_commit} NTS
mv NTS/package.xml package.xml
%else
mv %{pecl_name}-%{version} NTS
%endif

# Don't install/register tests
sed -e 's/role="test"/role="src"/' \
    %{?_licensedir:-e '/LICENSE/s/role="doc"/role="src"/' } \
    -i package.xml

cd NTS
%patch1 -p1 -b .pr68

# When this file will be removed, clean the description.
[ -f EXPERIMENTAL ] || exit 1

# Sanity check, really often broken
extver=$(sed -n '/#define PHP_TAINT_VERSION/{s/.* "//;s/".*$//;p}' php_taint.h)
if test "x${extver}" != "x%{version}%{?gh_date:-dev}"; then
   : Error: Upstream extension version is ${extver}, expecting %{version}%{?gh_date:-dev}.
   exit 1
fi
cd ..

%if %{with_zts}
# duplicate for ZTS build
cp -pr NTS ZTS
%endif

# Drop in the bit of configuration
cat << 'EOF' | tee %{ini_name}
; Enable '%{summary}' extension module
extension = %{pecl_name}.so

; Configuration
;taint.enable = 0
;taint.error_level = 512
EOF


%build
%{?dtsenable}

cd NTS
%{_bindir}/phpize
%configure \
    --with-php-config=%{_bindir}/php-config \
    --enable-taint
make %{?_smp_mflags}

%if %{with_zts}
cd ../ZTS
%{_bindir}/zts-phpize
%configure \
    --with-php-config=%{_bindir}/zts-php-config \
    --enable-taint
make %{?_smp_mflags}
%endif


%install
%{?dtsenable}

# Install the NTS stuff
make -C NTS install INSTALL_ROOT=%{buildroot}
install -D -m 644 %{ini_name} %{buildroot}%{php_inidir}/%{ini_name}

# Install XML package description
install -D -m 644 package.xml %{buildroot}%{pecl_xmldir}/%{name}.xml

%if %{with_zts}
# Install the ZTS stuff
make -C ZTS install INSTALL_ROOT=%{buildroot}
install -D -m 644 %{ini_name} %{buildroot}%{php_ztsinidir}/%{ini_name}
%endif

# Documentation
for i in $(grep 'role="doc"' package.xml | sed -e 's/^.*name="//;s/".*$//')
do [ -f NTS/$i ] &&  install -Dpm 644 NTS/$i %{buildroot}%{pecl_docdir}/%{pecl_name}/$i
done


%check
cd NTS
: Minimal load test for NTS extension
%{__php} --no-php-ini \
    --define extension=%{buildroot}%{php_extdir}/%{pecl_name}.so \
    --modules | grep %{pecl_name}

DEP="-d extension=pdo.so -d extension=pdo_sqlite.so -d extension=sqlite3.so"

: Upstream test suite  for NTS extension
TEST_PHP_EXECUTABLE=%{__php} \
TEST_PHP_ARGS="-n $DEP -d extension=%{buildroot}%{php_extdir}/%{pecl_name}.so" \
REPORT_EXIT_STATUS=1 \
%{__php} -n run-tests.php -q --show-diff

%if %{with_zts}
cd ../ZTS
rm tests/004.phpt
: Minimal load test for ZTS extension
%{__ztsphp} --no-php-ini \
    --define extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so \
    --modules | grep %{pecl_name}

: Upstream test suite  for ZTS extension
TEST_PHP_EXECUTABLE=%{__ztsphp} \
TEST_PHP_ARGS="-n $DEP -d extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so" \
REPORT_EXIT_STATUS=1 \
%{__ztsphp} -n run-tests.php -q --show-diff
%endif


%if 0%{?fedora} < 24 && 0%{?rhel} < 8
# when pear installed alone, after us
%triggerin -- %{?scl_prefix}php-pear
if [ -x %{__pecl} ] ; then
    %{pecl_install} %{pecl_xmldir}/%{name}.xml >/dev/null || :
fi

# posttrans as pear can be installed after us
%posttrans
if [ -x %{__pecl} ] ; then
    %{pecl_install} %{pecl_xmldir}/%{name}.xml >/dev/null || :
fi

%postun
if [ $1 -eq 0 -a -x %{__pecl} ] ; then
    %{pecl_uninstall} %{pecl_name} >/dev/null || :
fi
%endif


%files
%{?_licensedir:%license NTS/LICENSE}
%doc %{pecl_docdir}/%{pecl_name}
%{pecl_xmldir}/%{name}.xml

%config(noreplace) %{php_inidir}/%{ini_name}
%{php_extdir}/%{pecl_name}.so

%if %{with_zts}
%config(noreplace) %{php_ztsinidir}/%{ini_name}
%{php_ztsextdir}/%{pecl_name}.so
%endif


%changelog
* Thu Apr  9 2020 Remi Collet <remi@remirepo.net> - 2.1.0-1
- update to 2.1.0

* Thu Dec 26 2019 Remi Collet <remi@remirepo.net> - 2.0.6-1
- update to 2.0.6

* Tue Jun  4 2019 Remi Collet <remi@remirepo.net> - 2.0.5-2
- fix test suite

* Wed Dec 12 2018 Remi Collet <remi@remirepo.net> - 2.0.5-1
- Update to 2.0.5
- add patch for PHP 7.0 from
  https://github.com/laruence/taint/pull/68

* Thu Aug 16 2018 Remi Collet <remi@remirepo.net> - 2.0.5-0.3.20180627.4b76d9f
- rebuild for 7.3.0beta2 new ABI

* Wed Jul 18 2018 Remi Collet <remi@remirepo.net> - 2.0.5-0.2.20180627.4b76d9f
- rebuild for 7.3.0alpha4 new ABI

* Wed Jun 27 2018 Remi Collet <remi@remirepo.net> - 2.0.5-0.1.20180627.4b76d9f
- update to 2.0.5-dev for PHP 7.3
- add patch for -Wformat errors from
  https://github.com/laruence/taint/pull/64

* Wed Aug  9 2017 Remi Collet <remi@remirepo.net> - 2.0.4-1
- Update to 2.0.4

* Tue Aug  1 2017 Remi Collet <remi@remirepo.net> - 2.0.3-1
- Update to 2.0.3

* Tue Jul 18 2017 Remi Collet <remi@remirepo.net> - 2.0.2-5
- rebuild for PHP 7.2.0beta1 new API

* Thu Jun 29 2017 Remi Collet <remi@fedoraproject.org> - 2.0.2-4
- ignore PHP_VERSION_ID check as test suite is ok with PHP 7.2
  see https://github.com/laruence/taint/issues/55
- add patch for test suite with PHP 7.2 from
  https://github.com/laruence/taint/pull/56 (merged)

* Thu Dec  1 2016 Remi Collet <remi@fedoraproject.org> - 2.0.2-3
- rebuild with PHP 7.1.0 GA

* Wed Sep 14 2016 Remi Collet <remi@fedoraproject.org> - 2.0.2-2
- rebuild for PHP 7.1 new API version

* Mon Jul  4 2016 Remi Collet <remi@fedoraproject.org> - 2.0.2-1
- Update to 2.0.2 (php 7, beta)
- sources from pecl

* Sun Mar  6 2016 Remi Collet <remi@fedoraproject.org> - 2.0.1-2
- adapt for F24

* Sun Dec 13 2015 Remi Collet <remi@fedoraproject.org> - 2.0.1-1
- Update to 2.0.1 (php 7, beta)

* Tue Oct 27 2015 Remi Collet <remi@fedoraproject.org> - 2.0.0-1
- new package, version 2.0.0 (beta, php 7)