diff options
| author | Remi Collet <remi@remirepo.net> | 2018-12-21 14:48:36 +0100 |
|---|---|---|
| committer | Remi Collet <remi@remirepo.net> | 2018-12-21 14:48:36 +0100 |
| commit | 612ba42c9749f4a2cacfbb494acd1688ef836cba (patch) | |
| tree | 37e8f04107c08a471eae8d55091c788636306787 | |
| parent | 89cc985aa9541aa62f4fcb78adcc964e2cdd646b (diff) | |
update to 0.4.1
drop patches merged upstream
| -rw-r--r-- | 242.patch | 188 | ||||
| -rw-r--r-- | 266.patch | 69 | ||||
| -rw-r--r-- | PHPINFO | 2 | ||||
| -rw-r--r-- | REFLECTION | 2 | ||||
| -rw-r--r-- | php-snuffleupagus.spec | 15 |
5 files changed, 9 insertions, 267 deletions
diff --git a/242.patch b/242.patch deleted file mode 100644 index 710276a..0000000 --- a/242.patch +++ /dev/null @@ -1,188 +0,0 @@ -From 10b548f43e07685f451f22e96c246d1f5b7f486e Mon Sep 17 00:00:00 2001 -From: Remi Collet <remi@remirepo.net> -Date: Mon, 3 Sep 2018 15:09:00 +0200 -Subject: [PATCH 1/2] Fix #241 segfault on 32-bit related to bad protype - ---- - src/php_snuffleupagus.h | 5 +++++ - src/sp_disabled_functions.c | 4 ++-- - src/sp_harden_rand.c | 4 ++-- - src/sp_sloppy.c | 4 ++-- - src/sp_unserialize.c | 4 ++-- - src/sp_utils.c | 4 ++-- - src/sp_utils.h | 6 ++---- - src/sp_wrapper.c | 2 +- - 8 files changed, 18 insertions(+), 15 deletions(-) - -diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h -index bc927a0..0bdf602 100644 ---- a/src/php_snuffleupagus.h -+++ b/src/php_snuffleupagus.h -@@ -25,6 +25,11 @@ - #include "zend_string.h" - #include "zend_extensions.h" - -+/* Compatibility */ -+#if PHP_VERSION_ID < 70200 -+typedef void (*zif_handler)(INTERNAL_FUNCTION_PARAMETERS); -+#endif -+ - #include "sp_pcre_compat.h" - #include "sp_list.h" - #include "sp_tree.h" -diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c -index 835776b..b8ec845 100644 ---- a/src/sp_disabled_functions.c -+++ b/src/sp_disabled_functions.c -@@ -501,7 +501,7 @@ bool should_drop_on_ret(const zval* return_value, const sp_list_node* config, - } - - ZEND_FUNCTION(check_disabled_function) { -- void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS); -+ zif_handler orig_handler; - const char* current_function_name = get_active_function_name(TSRMLS_C); - - if (true == should_disable_ht( -@@ -566,7 +566,7 @@ static int hook_functions(HashTable* to_hook_ht, HashTable* hooked_ht) { - } - - ZEND_FUNCTION(eval_blacklist_callback) { -- void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS); -+ zif_handler orig_handler; - const char* current_function_name = get_active_function_name(TSRMLS_C); - zend_string* tmp = - zend_string_init(current_function_name, strlen(current_function_name), 0); -diff --git a/src/sp_harden_rand.c b/src/sp_harden_rand.c -index 7b4e958..7ab798e 100644 ---- a/src/sp_harden_rand.c -+++ b/src/sp_harden_rand.c -@@ -52,7 +52,7 @@ static void random_int_wrapper(INTERNAL_FUNCTION_PARAMETERS) { - } - - PHP_FUNCTION(sp_rand) { -- void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS); -+ zif_handler orig_handler; - - /* call the original `rand` function, - * since we might no be the only ones to hook it*/ -@@ -64,7 +64,7 @@ PHP_FUNCTION(sp_rand) { - } - - PHP_FUNCTION(sp_mt_rand) { -- void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS); -+ zif_handler orig_handler; - - /* call the original `mt_rand` function, - * since we might no be the only ones to hook it*/ -diff --git a/src/sp_sloppy.c b/src/sp_sloppy.c -index 5b36026..ac0cb8a 100644 ---- a/src/sp_sloppy.c -+++ b/src/sp_sloppy.c -@@ -38,8 +38,8 @@ ZEND_API zend_op_array* sp_compile_file(zend_file_handle* file_handle, - - static void array_handler(INTERNAL_FUNCTION_PARAMETERS, - const char *name, size_t size, -- void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS)) { -- void (*handler)(INTERNAL_FUNCTION_PARAMETERS); -+ zif_handler orig_handler) { -+ zif_handler handler; - zval func_name; - zval params[3]; - zval *value, *array; -diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c -index ab0139a..fb44ce4 100644 ---- a/src/sp_unserialize.c -+++ b/src/sp_unserialize.c -@@ -3,7 +3,7 @@ - ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - - PHP_FUNCTION(sp_serialize) { -- void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS); -+ zif_handler orig_handler; - - /* Call the original `serialize` function. */ - orig_handler = zend_hash_str_find_ptr( -@@ -42,7 +42,7 @@ PHP_FUNCTION(sp_serialize) { - } - - PHP_FUNCTION(sp_unserialize) { -- void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS); -+ zif_handler orig_handler; - - char *buf = NULL; - char *serialized_str = NULL; -diff --git a/src/sp_utils.c b/src/sp_utils.c -index 970f314..abb138b 100644 ---- a/src/sp_utils.c -+++ b/src/sp_utils.c -@@ -320,7 +320,7 @@ bool sp_match_array_value(const zval* arr, const zend_string* to_match, - } - - int hook_function(const char* original_name, HashTable* hook_table, -- void (*new_function)(INTERNAL_FUNCTION_PARAMETERS)) { -+ zif_handler new_function) { - zend_internal_function* func; - bool ret = FAILURE; - -@@ -363,7 +363,7 @@ int hook_function(const char* original_name, HashTable* hook_table, - } - - int hook_regexp(const sp_pcre* regexp, HashTable* hook_table, -- void (*new_function)(INTERNAL_FUNCTION_PARAMETERS)) { -+ zif_handler new_function) { - zend_string* key; - - ZEND_HASH_FOREACH_STR_KEY(CG(function_table), key) -diff --git a/src/sp_utils.h b/src/sp_utils.h -index c094fac..d835905 100644 ---- a/src/sp_utils.h -+++ b/src/sp_utils.h -@@ -54,10 +54,8 @@ void sp_log_disable(const char *restrict, const char *restrict, - const zend_string *restrict, const sp_disabled_function *); - void sp_log_disable_ret(const char *restrict, const zend_string *restrict, - const sp_disabled_function *); --int hook_function(const char *, HashTable *, -- void (*)(INTERNAL_FUNCTION_PARAMETERS)); --int hook_regexp(const sp_pcre *, HashTable *, -- void (*)(INTERNAL_FUNCTION_PARAMETERS)); -+int hook_function(const char *, HashTable *, zif_handler); -+int hook_regexp(const sp_pcre *, HashTable *, zif_handler); - bool check_is_in_eval_whitelist(const zend_string *const function_name); - int sp_log_request(const zend_string *folder, const zend_string *text_repr, - char *from); -diff --git a/src/sp_wrapper.c b/src/sp_wrapper.c -index d9cd296..3090513 100644 ---- a/src/sp_wrapper.c -+++ b/src/sp_wrapper.c -@@ -45,7 +45,7 @@ void sp_disable_wrapper() { - } - - PHP_FUNCTION(sp_stream_wrapper_register) { -- void (*orig_handler)(INTERNAL_FUNCTION_PARAMETERS); -+ zif_handler orig_handler; - zend_string *protocol_name = NULL; - - ZEND_PARSE_PARAMETERS_START_EX(ZEND_PARSE_PARAMS_QUIET, 2, EX_NUM_ARGS()); - -From 70679f073f49dade464fedc9feaa6040107a1f48 Mon Sep 17 00:00:00 2001 -From: Remi Collet <remi@remirepo.net> -Date: Mon, 3 Sep 2018 15:15:35 +0200 -Subject: [PATCH 2/2] fix -Wformat build warning - ---- - src/sp_utils.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/sp_utils.c b/src/sp_utils.c -index abb138b..8a3874c 100644 ---- a/src/sp_utils.c -+++ b/src/sp_utils.c -@@ -287,7 +287,7 @@ bool sp_match_array_key(const zval* zv, const zend_string* to_match, - } - } else { - char* idx_str = NULL; -- spprintf(&idx_str, 0, "%lu", idx); -+ spprintf(&idx_str, 0, ZEND_ULONG_FMT, idx); - zend_string* tmp = zend_string_init(idx_str, strlen(idx_str), 0); - if (sp_match_value(tmp, to_match, rx)) { - efree(idx_str); diff --git a/266.patch b/266.patch deleted file mode 100644 index 3271e39..0000000 --- a/266.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 1e152059e17a50f95d739cdcf22dc499bb3ec7ad Mon Sep 17 00:00:00 2001 -From: Remi Collet <remi@remirepo.net> -Date: Thu, 13 Dec 2018 08:08:55 +0100 -Subject: [PATCH] use php script, get rid of python for test suite - ---- - scripts/upload_validation.php | 45 +++++++++++++++++++++ - src/tests/config/upload_validation_real.ini | 2 +- - 2 files changed, 46 insertions(+), 1 deletion(-) - create mode 100755 scripts/upload_validation.php - -diff --git a/scripts/upload_validation.php b/scripts/upload_validation.php -new file mode 100755 -index 0000000..71f83e6 ---- /dev/null -+++ b/scripts/upload_validation.php -@@ -0,0 +1,45 @@ -+#!/usr/bin/env php -+<?php -+ -+function check($filename) { -+ -+ $whitelist = ['ECHO', 'RETURN', 'PHP', 'NOP']; -+ -+ $out = []; -+ $ret = 0; -+ $cmd = [ -+ PHP_BINARY, -+ "-d", "vld.active=1", -+ "-d", "vld.execute=0", -+ "-d", "extension=vld.so", -+ "-d", "vld.format=1", -+ "-d", "vld.col_sep=@", -+ "-d", "log_errors=0", -+ "-d", "error_log=/dev/null", -+ $filename, -+ '2>&1', -+ ]; -+ exec(implode(' ', $cmd), $out, $ret); -+ if ($ret) { -+ printf("Error: %d\n", $ret); -+ return 2; -+ } -+ foreach($out as $line) { -+ $sp = explode('@', $line); -+ if (count($sp) < 5) { -+ continue; -+ } -+ $opcode = $sp[4]; // # ,line, #, EIO, op, fetch, ext, return, operands -+ if ($opcode && !in_array($opcode, $whitelist)) { -+ printf("Upload_validation: Found an opcode: %s\n", $opcode); -+ return 1; -+ } -+ } -+ return 0; -+} -+ -+if ($_SERVER['argc'] != 2) { -+ die("Usage: {$_SERVER['argv']['0']} file_to_test.php\n"); -+} -+exit(check($_SERVER['argv']['1'])); -+ -diff --git a/src/tests/config/upload_validation_real.ini b/src/tests/config/upload_validation_real.ini -index 6463466..690e9bf 100644 ---- a/src/tests/config/upload_validation_real.ini -+++ b/src/tests/config/upload_validation_real.ini -@@ -1 +1 @@ --sp.upload_validation.script("../scripts/upload_validation.py").enable(); -+sp.upload_validation.script("../scripts/upload_validation.php").enable(); @@ -2,7 +2,7 @@ snuffleupagus snuffleupagus support => enabled -Version => 0.4.0 +Version => 0.4.1 Valid config => yes Directive => Local Value => Master Value @@ -1,4 +1,4 @@ -Extension [ <persistent> extension #138 snuffleupagus version 0.4.0 ] { +Extension [ <persistent> extension #196 snuffleupagus version 0.4.1 ] { - INI { Entry [ sp.configuration_file <SYSTEM> ] diff --git a/php-snuffleupagus.spec b/php-snuffleupagus.spec index 0a3e139..3d313b0 100644 --- a/php-snuffleupagus.spec +++ b/php-snuffleupagus.spec @@ -18,7 +18,7 @@ %global pkg_name %{name} %endif -%global gh_commit 721adb907fa4636693695024d3ed7ca8602db261 +%global gh_commit bdc2d866c1c55826383c0b203a0702bc58cefe76 %global gh_short %(c=%{gh_commit}; echo ${c:0:7}) %global gh_owner nbs-system %global gh_project snuffleupagus @@ -31,20 +31,17 @@ Summary: Security module for php7 Name: %{?sub_prefix}php-snuffleupagus -Version: 0.4.0 +Version: 0.4.1 %if 0%{?gh_date} Release: 1%{gh_date}.%{gh_short}%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}} %else -Release: 4%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}} +Release: 1%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}} %endif License: LGPLv3 Group: Development/Languages URL: https://github.com/%{gh_owner}/%{gh_project} Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{pkg_name}-%{version}-%{gh_short}.tar.gz -Patch0: https://patch-diff.githubusercontent.com/raw/nbs-system/snuffleupagus/pull/242.patch -Patch1: https://patch-diff.githubusercontent.com/raw/nbs-system/snuffleupagus/pull/266.patch - BuildRequires: %{?dtsprefix}gcc BuildRequires: %{?scl_prefix}php-devel > 7 BuildRequires: pcre-devel @@ -94,8 +91,6 @@ Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSIO %prep %setup -q -n %{gh_project}-%{gh_commit} -%patch0 -p1 -b .pr242 -%patch1 -p1 -b .pr266 cd src # Sanity check, really often broken @@ -221,6 +216,10 @@ REPORT_EXIT_STATUS=1 \ %changelog +* Fri Dec 21 2018 Remi Collet <remi@remirepo.net> - 0.4.1-1 +- update to 0.4.1 +- drop patches merged upstream + * Thu Dec 13 2018 Remi Collet <remi@remirepo.net> - 0.4.0-4 - drop dependency on python, test build for https://github.com/nbs-system/snuffleupagus/pull/266 |