authorRemi Collet <remi@remirepo.net>2021-01-05 10:23:51 +0100
committerRemi Collet <remi@remirepo.net>2021-01-05 10:23:51 +0100
commitc000cb5ad571699f23a9a09f784b1e7be4375dc7 (patch)
treef9fa3058a4bb155f82182b1d23bd8667e5beec3d
parent3494f8af6d039ef52df8e13f85b0cfe67dcb5ac0 (diff)
update to 0.7.0
sources from jvoisin instead of nbs-system; add patch for system libpcre from https://github.com/jvoisin/snuffleupagus/pull/369
-rw-r--r--1b52614c06b60ced6caecd8dcaa0911ed3aa72e2.patch254
-rw-r--r--369.patch46
-rw-r--r--PHPINFO2
-rw-r--r--REFLECTION2
-rw-r--r--php-snuffleupagus.spec55
5 files changed, 75 insertions, 284 deletions
diff --git a/1b52614c06b60ced6caecd8dcaa0911ed3aa72e2.patch b/1b52614c06b60ced6caecd8dcaa0911ed3aa72e2.patch
deleted file mode 100644
index fbd7750..0000000
--- a/1b52614c06b60ced6caecd8dcaa0911ed3aa72e2.patch
+++ /dev/null
@@ -1,254 +0,0 @@
-From 1b52614c06b60ced6caecd8dcaa0911ed3aa72e2 Mon Sep 17 00:00:00 2001
-From: bef <bef@users.noreply.github.com>
-Date: Thu, 20 Jun 2019 12:40:07 +0200
-Subject: [PATCH] Fix snufflepagus_globals linking issues and one mac
- compatibility issue
-
----
- src/php_snuffleupagus.h | 1 +
- src/sp_config.c | 2 --
- src/sp_config_keywords.c | 2 --
- src/sp_config_utils.c | 2 --
- src/sp_cookie_encryption.c | 2 --
- src/sp_crypt.c | 2 --
- src/sp_disable_xxe.c | 2 --
- src/sp_disabled_functions.c | 2 --
- src/sp_execute.c | 2 --
- src/sp_harden_rand.c | 2 --
- src/sp_network_utils.c | 4 +---
- src/sp_session.c | 2 --
- src/sp_sloppy.c | 2 --
- src/sp_unserialize.c | 1 -
- src/sp_upload_validation.c | 2 --
- src/sp_utils.c | 2 --
- src/sp_wrapper.c | 2 --
- src/tweetnacl.c | 2 --
- 18 files changed, 2 insertions(+), 34 deletions(-)
-
-diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h
-index c9313f8..43131fe 100644
---- a/src/php_snuffleupagus.h
-+++ b/src/php_snuffleupagus.h
-@@ -99,6 +99,7 @@ HashTable *sp_internal_functions_hook;
- HashTable *sp_eval_blacklist_functions_hook;
- ZEND_END_MODULE_GLOBALS(snuffleupagus)
-
-+ZEND_EXTERN_MODULE_GLOBALS(snuffleupagus)
- #define SNUFFLEUPAGUS_G(v) ZEND_MODULE_GLOBALS_ACCESSOR(snuffleupagus, v)
-
- #if defined(ZTS) && defined(COMPILE_DL_SNUFFLEUPAGUS)
-diff --git a/src/sp_config.c b/src/sp_config.c
-index 915c8a1..25223f2 100644
---- a/src/sp_config.c
-+++ b/src/sp_config.c
-@@ -4,8 +4,6 @@
-
- #include "php_snuffleupagus.h"
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
--
- size_t sp_line_no;
-
- sp_config_tokens const sp_func[] = {
-diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
-index a13aed2..abb3110 100644
---- a/src/sp_config_keywords.c
-+++ b/src/sp_config_keywords.c
-@@ -1,7 +1,5 @@
- #include "php_snuffleupagus.h"
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
--
- static int parse_enable(char *line, bool *restrict retval,
- bool *restrict simulation) {
- bool enable = false, disable = false;
-diff --git a/src/sp_config_utils.c b/src/sp_config_utils.c
-index 71c9071..dbe6793 100644
---- a/src/sp_config_utils.c
-+++ b/src/sp_config_utils.c
-@@ -1,7 +1,5 @@
- #include "php_snuffleupagus.h"
-
--size_t sp_line_no;
--
- int parse_keywords(sp_config_functions *funcs, char *line) {
- int value_len = 0;
- const char *original_line = line;
-diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
-index 249de2d..92a056b 100644
---- a/src/sp_cookie_encryption.c
-+++ b/src/sp_cookie_encryption.c
-@@ -1,7 +1,5 @@
- #include "php_snuffleupagus.h"
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
--
- static inline const sp_cookie *sp_lookup_cookie_config(const zend_string *key) {
- const sp_list_node *it = SNUFFLEUPAGUS_G(config).config_cookie->cookies;
-
-diff --git a/src/sp_crypt.c b/src/sp_crypt.c
-index da0e2fe..42c1510 100644
---- a/src/sp_crypt.c
-+++ b/src/sp_crypt.c
-@@ -1,7 +1,5 @@
- #include "php_snuffleupagus.h"
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
--
- void generate_key(unsigned char *key) {
- PHP_SHA256_CTX ctx;
- const char *user_agent = getenv("HTTP_USER_AGENT");
-diff --git a/src/sp_disable_xxe.c b/src/sp_disable_xxe.c
-index df00dbd..53148c8 100644
---- a/src/sp_disable_xxe.c
-+++ b/src/sp_disable_xxe.c
-@@ -1,7 +1,5 @@
- #include "php_snuffleupagus.h"
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
--
- PHP_FUNCTION(sp_libxml_disable_entity_loader) { RETURN_TRUE; }
-
- int hook_libxml_disable_entity_loader() {
-diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c
-index 8177ce1..c088f20 100644
---- a/src/sp_disabled_functions.c
-+++ b/src/sp_disabled_functions.c
-@@ -1,7 +1,5 @@
- #include "php_snuffleupagus.h"
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
--
- static void should_disable(zend_execute_data* execute_data,
- const char* complete_function_path,
- const zend_string* builtin_param,
-diff --git a/src/sp_execute.c b/src/sp_execute.c
-index b4f2595..4eae874 100644
---- a/src/sp_execute.c
-+++ b/src/sp_execute.c
-@@ -1,7 +1,5 @@
- #include "php_snuffleupagus.h"
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
--
- static void (*orig_execute_ex)(zend_execute_data *execute_data) = NULL;
- static void (*orig_zend_execute_internal)(zend_execute_data *execute_data,
- zval *return_value) = NULL;
-diff --git a/src/sp_harden_rand.c b/src/sp_harden_rand.c
-index 7ab798e..43c2a5b 100644
---- a/src/sp_harden_rand.c
-+++ b/src/sp_harden_rand.c
-@@ -2,8 +2,6 @@
-
- extern ZEND_API zend_class_entry *zend_ce_error;
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
--
- /* This function is needed because `rand` and `mt_rand` parameters
- * are optional, while the ones from `random_int` aren't. */
- static void random_int_wrapper(INTERNAL_FUNCTION_PARAMETERS) {
-diff --git a/src/sp_network_utils.c b/src/sp_network_utils.c
-index c444c1e..1811d98 100644
---- a/src/sp_network_utils.c
-+++ b/src/sp_network_utils.c
-@@ -1,7 +1,5 @@
- #include "php_snuffleupagus.h"
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
--
- static inline bool cidr4_match(const struct in_addr addr,
- const struct in_addr net, uint8_t bits);
- static inline bool cidr6_match(const struct in6_addr address,
-@@ -19,7 +17,7 @@ static inline bool cidr4_match(const struct in_addr addr,
-
- static inline bool cidr6_match(const struct in6_addr address,
- const struct in6_addr network, uint8_t bits) {
--#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
-+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__)
- const uint32_t *a = address.__u6_addr.__u6_addr32;
- const uint32_t *n = network.__u6_addr.__u6_addr32;
- #else
-diff --git a/src/sp_session.c b/src/sp_session.c
-index 596eae9..1064fe6 100644
---- a/src/sp_session.c
-+++ b/src/sp_session.c
-@@ -1,7 +1,5 @@
- #include "php_snuffleupagus.h"
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
--
- #if (HAVE_PHP_SESSION && !defined(COMPILE_DL_SESSION))
-
- #ifdef ZTS
-diff --git a/src/sp_sloppy.c b/src/sp_sloppy.c
-index d3678db..5837783 100644
---- a/src/sp_sloppy.c
-+++ b/src/sp_sloppy.c
-@@ -1,7 +1,5 @@
- #include "php_snuffleupagus.h"
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
--
- ZEND_API zend_op_array* (*orig_zend_compile_file)(zend_file_handle* file_handle,
- int type) = NULL;
- ZEND_API zend_op_array* (*orig_zend_compile_string)(zval* source_string,
-diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c
-index 5e21d6a..f265ce6 100644
---- a/src/sp_unserialize.c
-+++ b/src/sp_unserialize.c
-@@ -1,6 +1,5 @@
- #include "php_snuffleupagus.h"
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
-
- PHP_FUNCTION(sp_serialize) {
- zif_handler orig_handler;
-diff --git a/src/sp_upload_validation.c b/src/sp_upload_validation.c
-index fe16a46..ee19df9 100644
---- a/src/sp_upload_validation.c
-+++ b/src/sp_upload_validation.c
-@@ -1,7 +1,5 @@
- #include "php_snuffleupagus.h"
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
--
- int (*sp_rfc1867_orig_callback)(unsigned int event, void *event_data,
- void **extra);
- int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra);
-diff --git a/src/sp_utils.c b/src/sp_utils.c
-index 475d552..7641808 100644
---- a/src/sp_utils.c
-+++ b/src/sp_utils.c
-@@ -1,7 +1,5 @@
- #include "php_snuffleupagus.h"
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
--
- bool sp_zend_string_equals(const zend_string* s1, const zend_string* s2) {
- // We can't use `zend_string_equals` here because it doesn't work on
- // `const` zend_string.
-diff --git a/src/sp_wrapper.c b/src/sp_wrapper.c
-index 1618a4f..277f23a 100644
---- a/src/sp_wrapper.c
-+++ b/src/sp_wrapper.c
-@@ -1,7 +1,5 @@
- #include "php_snuffleupagus.h"
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
--
- static bool wrapper_is_whitelisted(const zend_string *zs) {
- const sp_list_node *list = SNUFFLEUPAGUS_G(config).config_wrapper->whitelist;
-
-diff --git a/src/tweetnacl.c b/src/tweetnacl.c
-index ad5dae5..9f66546 100644
---- a/src/tweetnacl.c
-+++ b/src/tweetnacl.c
-@@ -3,8 +3,6 @@ we're using the one from PHP.*/
- #include "php_snuffleupagus.h"
- #include "ext/standard/php_random.h"
-
--ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
--
- void randombytes(unsigned char *x, unsigned long long xlen) {
- assert(SIZE_MAX >= ULLONG_MAX); // max(size_t) > max(ull) ?
- php_random_bytes(x, xlen, 1);
diff --git a/369.patch b/369.patch
new file mode 100644
index 0000000..ddcd511
--- /dev/null
+++ b/369.patch
@@ -0,0 +1,46 @@
+From da4452a8084115f5975c88efab3671cdc2a07cf8 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Mon, 4 Jan 2021 12:34:26 +0100
+Subject: [PATCH] Fix #368 build with system libpcre
+
+---
+ src/sp_pcre_compat.c | 4 ++--
+ src/sp_pcre_compat.h | 3 ---
+ 2 files changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/src/sp_pcre_compat.c b/src/sp_pcre_compat.c
+index b4d29f06..283eeb7f 100644
+--- a/src/sp_pcre_compat.c
++++ b/src/sp_pcre_compat.c
+@@ -15,7 +15,7 @@ sp_pcre* sp_pcre_compile(const char* const pattern) {
+ const char* pcre_error = NULL;
+ int erroroffset;
+ ret =
+- php_pcre_compile(pattern, PCRE_CASELESS, &pcre_error, &erroroffset, NULL);
++ pcre_compile(pattern, PCRE_CASELESS, &pcre_error, &erroroffset, NULL);
+ #endif
+
+ if (NULL == ret) {
+@@ -38,7 +38,7 @@ bool ZEND_HOT sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str,
+ ret = pcre2_match(regexp, (PCRE2_SPTR)str, len, 0, 0, match_data, NULL);
+ #else
+ int vec[30];
+- ret = php_pcre_exec(regexp, NULL, str, len, 0, 0, vec,
++ ret = pcre_exec(regexp, NULL, str, len, 0, 0, vec,
+ sizeof(vec) / sizeof(int));
+ #endif
+
+diff --git a/src/sp_pcre_compat.h b/src/sp_pcre_compat.h
+index 11f7f7ca..14c33b2d 100644
+--- a/src/sp_pcre_compat.h
++++ b/src/sp_pcre_compat.h
+@@ -4,9 +4,6 @@
+ #include <stdlib.h>
+ #include <stdbool.h>
+
+-#undef pcre_exec
+-#undef pcre_compile
+-
+ #define PCRE2_CODE_UNIT_WIDTH 8
+ #if PHP_VERSION_ID >= 70300
+ #define SP_HAS_PCRE2
diff --git a/PHPINFO b/PHPINFO
index 7331ff3..765d423 100644
--- a/PHPINFO
+++ b/PHPINFO
@@ -2,7 +2,7 @@
snuffleupagus
snuffleupagus support => enabled
-Version => 0.5.0
+Version => 0.7.0
Valid config => yes
Directive => Local Value => Master Value
diff --git a/REFLECTION b/REFLECTION
index 9e553e6..607c028 100644
--- a/REFLECTION
+++ b/REFLECTION
@@ -1,4 +1,4 @@
-Extension [ <persistent> extension #203 snuffleupagus version 0.5.0 ] {
+Extension [ <persistent> extension #119 snuffleupagus version 0.7.0 ] {
- INI {
Entry [ sp.configuration_file <SYSTEM> ]
diff --git a/php-snuffleupagus.spec b/php-snuffleupagus.spec
index 4580b53..c52be26 100644
--- a/php-snuffleupagus.spec
+++ b/php-snuffleupagus.spec
@@ -1,6 +1,6 @@
# remirepo spec file for php-snuffleupagus
#
-# Copyright (c) 2018-2020 Remi Collet
+# Copyright (c) 2018-2021 Remi Collet
# License: CC-BY-SA
# http://creativecommons.org/licenses/by-sa/4.0/
#
@@ -18,9 +18,9 @@
%global pkg_name %{name}
%endif
-%global gh_commit 0410dd1ee69f5040e0a81d57d20d860139b0c32c
+%global gh_commit 047b2d08a5d01c2c8654f16fb97bb99d0b25052b
%global gh_short %(c=%{gh_commit}; echo ${c:0:7})
-%global gh_owner nbs-system
+%global gh_owner jvoisin
%global gh_project snuffleupagus
#global gh_date 20180117
%global pecl_name snuffleupagus
@@ -31,24 +31,24 @@
Summary: Security module for PHP
Name: %{?sub_prefix}php-snuffleupagus
-Version: 0.5.0
+Version: 0.7.0
%if 0%{?gh_date}
Release: 2%{gh_date}.%{gh_short}%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
%else
-Release: 4%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
+Release: 1%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
%endif
License: LGPLv3
Group: Development/Languages
URL: https://github.com/%{gh_owner}/%{gh_project}
Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{pkg_name}-%{version}-%{gh_short}.tar.gz
-Patch0: https://github.com/jvoisin/snuffleupagus/commit/1b52614c06b60ced6caecd8dcaa0911ed3aa72e2.patch
+Patch0: https://patch-diff.githubusercontent.com/raw/jvoisin/snuffleupagus/pull/369.patch
BuildRequires: %{?dtsprefix}gcc
BuildRequires: %{?scl_prefix}php-devel > 7
BuildRequires: pcre-devel
# For tests/upload_validation_real.phpt
-BuildRequires: %{?scl_prefix}php-vld
+# BuildRequires: %%{?scl_prefix}php-vld
BuildRequires: %{?scl_prefix}php-curl
BuildRequires: %{?scl_prefix}php-dom
BuildRequires: %{?scl_prefix}php-simplexml
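Review bot: `Patch0` now names a pull-request URL, `https://patch-diff.githubusercontent.com/raw/jvoisin/snuffleupagus/pull/369.patch`, whose content changes whenever the PR branch is updated, whereas the line it replaces pointed at an immutable commit. The vendored `369.patch` records commit `da4452a8084115f5975c88efab3671cdc2a07cf8`, so the reference could be pinned as before: `Patch0: https://github.com/jvoisin/snuffleupagus/commit/da4452a8084115f5975c88efab3671cdc2a07cf8.patch` (assuming that commit is reachable from the upstream repository). A later re-download of the patch would then fetch the content reviewed here rather than whatever the PR branch holds at that point.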
@@ -60,36 +60,21 @@ Requires: %{?scl_prefix}php(zend-abi) = %{php_zend_api}
Requires: %{?scl_prefix}php(api) = %{php_core_api}
%{?_sclreq:Requires: %{?scl_prefix}runtime%{?_sclreq}%{?_isa}}
-%if "%{?vendor}" == "Remi Collet" && 0%{!?scl:1} && 0%{?rhel}
-Obsoletes: php70u-%{pecl_name} <= %{version}
-Obsoletes: php70w-%{pecl_name} <= %{version}
-%if "%{php_version}" > "7.1"
-Obsoletes: php71u-%{pecl_name} <= %{version}
-Obsoletes: php71w-%{pecl_name} <= %{version}
-%endif
-%if "%{php_version}" > "7.2"
-Obsoletes: php72u-%{pecl_name} <= %{version}
-Obsoletes: php72w-%{pecl_name} <= %{version}
-%endif
+%if "%{?packager}" == "Remi Collet" && 0%{!?scl:1} && 0%{?rhel}
%if "%{php_version}" > "7.3"
Obsoletes: php73-%{pecl_name} <= %{version}
-Obsoletes: php73w-%{pecl_name} <= %{version}
%endif
%if "%{php_version}" > "7.4"
Obsoletes: php74-%{pecl_name} <= %{version}
-Obsoletes: php74w-%{pecl_name} <= %{version}
%endif
+%if "%{php_version}" > "8.0"
+Obsoletes: php80-%{pecl_name} <= %{version}
%endif
-
-%if 0%{?fedora} < 20 && 0%{?rhel} < 7
-# Filter shared private
-%{?filter_provides_in: %filter_provides_in %{_libdir}/.*\.so$}
-%{?filter_setup}
%endif
%description
-Snuffleupagus is a PHP7+ module designed to drastically raise the cost of
+Snuffleupagus is a PHP module designed to drastically raise the cost of
attacks against websites. This is achieved by killing entire bug classes
and providing a powerful virtual-patching system, allowing the administrator
to fix specific vulnerabilities without having to touch the PHP code.
@@ -101,7 +86,7 @@ Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSIO
%prep
%setup -q -n %{gh_project}-%{gh_commit}
-%patch0 -p1 -b .ups
+%patch0 -p1 -b .pr369
cd src
# Sanity check, really often broken
@@ -173,7 +158,15 @@ install -D -m 644 %{ini_name} %{buildroot}%{php_ztsinidir}/%{ini_name}
%check
-sed -e 's:#!/usr/bin/env php:#!%{__php}:' -i scripts/upload_validation.php
+if [ -f %{php_extdir}/vld.so ]; then
+ sed -e 's:#!/usr/bin/env php:#!%{__php}:' -i scripts/upload_validation.php
+else
+ rm src/tests/upload_validation/upload_validation_real.phpt
+fi
+
+%if "%{php_version}" < "8"
+rm -rf src/tests/*php8*/
+%endif
# add extensions used by test suite
TEST_DEPS="-d extension=xml.so -d extension=dom.so -d extension=curl.so -d extension=simplexml.so"
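Review bot: When `vld.so` is absent, the `else` branch deletes `upload_validation_real.phpt` without leaving any trace in the build log, so `%check` can pass while the real upload-validation test of this security module never ran. Since the `php-vld` BuildRequires is commented out earlier in this spec, that is likely the normal case on a clean build root. I would make the skip visible by adding `echo "vld.so not found: skipping upload_validation_real.phpt" >&2` before the `rm`. Separately, `%if "%{php_version}" < "8"` is a string comparison, which holds for the 7.x and 8.x values used today but would misorder a two-digit major version; a short comment saying so would help the next maintainer.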
@@ -225,6 +218,12 @@ REPORT_EXIT_STATUS=1 \
%changelog
+* Mon Jan 4 2021 Remi Collet <remi@remirepo.net> - 0.7.0-1
+- update to 0.7.0
+- sources from jvoisin instead of nbs-system
+- add patch for system libpcre from
+ https://github.com/jvoisin/snuffleupagus/pull/369
+
* Fri Feb 21 2020 Remi Collet <remi@remirepo.net> - 0.5.0-4
- fix test suite