# remirepo spec file for php-snuffleupagus
#
# Copyright (c) 2018-2023 Remi Collet
# License: CC-BY-SA-4.0
# http://creativecommons.org/licenses/by-sa/4.0/
#
# Please, preserve the changelog entries
#

# Overview: builds the Snuffleupagus PHP extension from a pinned upstream
# commit, ships an ini file that loads it plus a one-rule default rules file,
# and runs a load test and the upstream test suite against the built module.

# Software Collection build when scl is defined, plain package otherwise.
%if 0%{?scl:1}
%scl_package        php-snuffleupagus
%else
%global _root_bindir %{_bindir}
%global pkg_name    %{name}
%endif

# The upstream test suite runs by default; "--without tests" skips it.
%bcond_without      tests

# Upstream source is pinned to a full commit hash, which Source0 embeds in the
# archive URL.
# NOTE(review): this spec shows no checksum or signature check of the
# downloaded tarball; confirm the build system records and verifies one.
%global gh_commit   cb3d7aed877ce2a0952c00f1950d57c72d664b49
# First 7 characters of the commit hash, used in the tarball file name.
%global gh_short    %(c=%{gh_commit}; echo ${c:0:7})
%global gh_owner    jvoisin
%global gh_project  snuffleupagus
# Snapshot date, disabled for release builds. When defined, Release gains a
# date and short-hash tag and the version check in prep expects a -dev suffix.
#global gh_date     20180117
%global pecl_name   snuffleupagus
# ZTS is not supported, test suite fails
# https://github.com/jvoisin/snuffleupagus/issues/123
# Gates every ZTS block below (build, install, check, files).
%global with_zts    0
%global ini_name    40-%{pecl_name}.ini
%global sources     src
# Point the configure macro at the source tree so the build itself happens in
# the separate NTS and ZTS directories created in prep.
%global _configure  ../%{sources}/configure

Summary:        Security module for PHP
Name:           %{?scl_prefix}php-snuffleupagus
Version:        0.10.0
# Release carries a PHP major.minor tag unless scl or nophptag is defined.
%if 0%{?gh_date}
Release:        1%{gh_date}.%{gh_short}%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
%else
Release:        1%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
%endif
License:        LGPL-3.0-only
Group:          Development/Languages
URL:            https://github.com/%{gh_owner}/%{gh_project}
Source0:        https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{pkg_name}-%{version}-%{gh_short}.tar.gz

BuildRequires:  %{?dtsprefix}gcc
BuildRequires:  %{?scl_prefix}php-devel >= 7.0
BuildRequires:  pcre-devel
# For tests/upload_validation_real.phpt
# BuildRequires:  %%{?scl_prefix}php-vld
# Extensions loaded by the test suite (see TEST_DEPS in check).
BuildRequires:  %{?scl_prefix}php-curl
BuildRequires:  %{?scl_prefix}php-dom
BuildRequires:  %{?scl_prefix}php-simplexml
BuildRequires:  %{?scl_prefix}php-xml
#BuildRequires:  gdb
#BuildRequires:  php-debuginfo

# Exact-match requirements on the Zend and core API values the module was
# built against, so the package cannot be installed next to a PHP that
# provides different ones.
Requires:       %{?scl_prefix}php(zend-abi) = %{php_zend_api}
Requires:       %{?scl_prefix}php(api) = %{php_core_api}
# SCL runtime requirement, emitted only when _sclreq is defined.
%{?_sclreq:Requires: %{?scl_prefix}runtime%{?_sclreq}%{?_isa}}


%description
Snuffleupagus is a PHP module designed to drastically raise the cost of
attacks against websites. This is achieved by killing entire bug classes and
providing a powerful virtual-patching system, allowing the administrator to
fix specific vulnerabilities without having to touch the PHP code.

Documentation: https://snuffleupagus.readthedocs.io/

Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')%{?scl: as Software Collection (%{scl} by %{?scl_vendor}%{!?scl_vendor:rh})}.


%prep
%setup -q -n %{gh_project}-%{gh_commit}

cd %{sources}

# Sanity check, really often broken
# The version string in the upstream header must equal the spec Version
# (with a -dev suffix for snapshot builds); otherwise the build stops here.
grep PHP_SNUFFLEUPAGUS_VERSION php_snuffleupagus.h
# sed -e '/PHP_SNUFFLEUPAGUS_VERSION/s/0.9.0/0.8.0/' -i php_snuffleupagus.h
extver=$(sed -n '/#define PHP_SNUFFLEUPAGUS_VERSION/{s/.* "//;s/".*$//;p}' php_snuffleupagus.h)
if test "x${extver}" != "x%{version}%{?gh_date:-dev}"; then
   # ':' is the shell no-op builtin, so this line does nothing by itself;
   # presumably it is meant to appear in a traced build log - confirm.
   : Error: Upstream extension version is ${extver}, expecting %{version}%{?gh_date:-dev}.
   exit 1
fi
cd ..

# Separate out-of-tree build directories per PHP flavour.
mkdir NTS
%if %{with_zts}
mkdir ZTS
%endif

# Drop in the bit of configuration
# The quoted heredoc delimiter stops the shell from expanding the body; the
# rpm macros in it are already substituted by rpm before the script runs.
# sp.allow_broken_configuration stays commented out in the generated ini, so
# the packaged file does not set it.
cat << 'EOF' | tee %{ini_name}
; Enable '%{pecl_name}' extension module
extension = %{pecl_name}.so

; Path to rules configuration files, glob or comma separated list
sp.configuration_file = '%{php_inidir}/%{pecl_name}-*.rules'

; Since our configuration format is a bit more complex than php’s one,
; we have a sp.allow_broken_configuration parameter (false by default),
; that you can set to true if you want PHP to carry on if your Snuffleupagus’
; configuration contains syntax errors. You’ll still get a big scary message
; in your logs of course. We do not recommend to use it of course, but
; sometimes it might be useful to be able to “debug in production” without
; breaking your website.
;sp.allow_broken_configuration = Off
EOF

# The default rules file holds exactly one rule, and that rule switches off
# the warning about old PHP versions. It enables no hardening or
# virtual-patching rule: protection comes only from rule files the
# administrator adds under the glob set in sp.configuration_file above.
# With the warning disabled, a host on an end-of-life PHP gets no reminder
# from this module.
cat << 'EOF' | tee %{pecl_name}-default.rules
# Default rules see https://snuffleupagus.readthedocs.io/config.html

# Don't report about EOL version
sp.global.show_old_php_warning.disable();
EOF


%build
%{?dtsenable}

# Generate the configure script inside the source directory.
cd %{sources}
%{__phpize}

# Configure and compile from the NTS directory (configure lives in ../src).
cd ../NTS
%configure \
    --with-php-config=%{__phpconfig} \
    --with-libdir=%{_lib} \
    --enable-snuffleupagus

make %{?_smp_mflags}

%if %{with_zts}
# Same steps with the ZTS php-config.
cd ../ZTS
%configure \
    --with-php-config=%{__ztsphpconfig} \
    --with-libdir=%{_lib} \
    --enable-snuffleupagus

make %{?_smp_mflags}
%endif


%install
%{?dtsenable}

# Install the NTS stuff
# The ini and the default rules file are installed with mode 644.
# NOTE(review): rule files added later by the administrator are outside this
# package; if they hold sensitive values their permissions need setting
# locally.
make -C NTS install INSTALL_ROOT=%{buildroot}
install -D -m 644 %{ini_name} %{buildroot}%{php_inidir}/%{ini_name}
install -D -m 644 %{pecl_name}-default.rules %{buildroot}%{php_inidir}/%{pecl_name}-default.rules

%if %{with_zts}
# Install the ZTS stuff
make -C ZTS install INSTALL_ROOT=%{buildroot}
install -D -m 644 %{ini_name} %{buildroot}%{php_ztsinidir}/%{ini_name}
%endif


%check
# upload_validation_real.phpt needs the vld extension (see the commented
# BuildRequires). With vld.so installed, the helper script's shebang is
# pointed at the PHP binary used for this build; without it the test is
# removed.
if [ -f %{php_extdir}/vld.so ]; then
  sed -e 's:#!/usr/bin/env php:#!%{__php}:' -i scripts/upload_validation.php
else
  rm src/tests/upload_validation/upload_validation_real.phpt
fi
# Drop the test directories matching *php8* when building against PHP < 8.0.
# NOTE(review): VER is unquoted below; an empty value would turn the test
# into a shell syntax error rather than a clean failure.
VER=$(%{__php} -r 'echo PHP_VERSION_ID;')
if [ $VER -lt 80000 ]; then
  rm -rf src/tests/*php8*/
fi

cd %{sources}
# Presumably makes the extension or its tests skip the old-PHP check -
# confirm against upstream.
export SP_SKIP_OLD_PHP_CHECK=1

# add extensions used by test suite
TEST_DEPS="-d extension=xml.so -d extension=dom.so -d extension=curl.so -d extension=simplexml.so"

# Load the freshly built module from the buildroot with no php.ini and check
# that it appears in the module list; grep's exit status is the pipeline's
# status, so a module that fails to load fails this command.
# sp.allow_broken_configuration=1 is passed on this command line only; the
# packaged ini leaves that setting commented out.
: Minimal load test for NTS extension
%{__php} --no-php-ini \
    --define extension=%{buildroot}%{php_extdir}/%{pecl_name}.so \
    --define sp.allow_broken_configuration=1 \
    --modules | grep %{pecl_name}

%if %{with tests}
# Run the upstream tests with no php.ini (-n), loading only TEST_DEPS and the
# built module. REPORT_EXIT_STATUS=1 is there so that failing tests give a
# non-zero exit status.
: Upstream test suite for NTS extension
TEST_PHP_EXECUTABLE=%{__php} \
TEST_PHP_ARGS="-n $TEST_DEPS -d extension=%{buildroot}%{php_extdir}/%{pecl_name}.so" \
REPORT_EXIT_STATUS=1 \
%{__php} -n run-tests.php -q --show-diff
%endif

%if %{with_zts}
# Same two checks for the ZTS build (disabled while with_zts is 0).
: Minimal load test for ZTS extension
%{__ztsphp} --no-php-ini \
    --define extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so \
    --define sp.allow_broken_configuration=1 \
    --modules | grep %{pecl_name}

%if %{with tests}
: Upstream test suite for ZTS extension
TEST_PHP_EXECUTABLE=%{__ztsphp} \
TEST_PHP_ARGS="-n $TEST_DEPS -d extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so" \
REPORT_EXIT_STATUS=1 \
%{__ztsphp} -n run-tests.php -q --show-diff
%endif
%endif


%files
# Fall back to the doc directive where _licensedir is not defined.
%{!?_licensedir:%global license %%doc}
%license LICENSE
%doc *.md
# Both configuration files are marked config(noreplace), so locally edited
# copies are kept on package upgrade instead of being overwritten.
%config(noreplace) %{php_inidir}/%{ini_name}
%config(noreplace) %{php_inidir}/%{pecl_name}-default.rules
%{php_extdir}/%{pecl_name}.so

%if %{with_zts}
%config(noreplace) %{php_ztsinidir}/%{ini_name}
%{php_ztsextdir}/%{pecl_name}.so
%endif


%changelog
* Wed Sep 20 2023 Remi Collet - 0.10.0-1
- update to 0.10.0

* Tue Sep 5 2023 Remi Collet - 0.9.0-3
- add upstream patches for PHP 8.3
- build out of sources tree

* Thu Jan 5 2023 Remi Collet - 0.9.0-2
- test build for upstream fix for gh#444

* Wed Jan 4 2023 Remi Collet - 0.9.0-1
- update to 0.9.0
- open https://github.com/jvoisin/snuffleupagus/issues/444
  borked tests with 8.2

* Mon Aug 29 2022 Remi Collet - 0.8.3-1
- update to 0.8.3

* Mon May 23 2022 Remi Collet - 0.8.2-1
- update to 0.8.2
- drop patches merged upstream

* Wed May 18 2022 Remi Collet - 0.8.0-2
- fix segfault when overriding sp.configuration_file from
  https://github.com/jvoisin/snuffleupagus/pull/422
- fix ZTS build from
  https://github.com/jvoisin/snuffleupagus/pull/423/

* Mon May 16 2022 Remi Collet - 0.8.0-1
- update to 0.8.0
- open https://github.com/jvoisin/snuffleupagus/issues/418 bad version
- open https://github.com/jvoisin/snuffleupagus/issues/419 failed test

* Tue Aug 3 2021 Remi Collet - 0.7.1-1
- update to 0.7.1
- drop patch merged upstream

* Mon Jan 4 2021 Remi Collet - 0.7.0-1
- update to 0.7.0
- sources from jvoisin instead of nbs-system
- add patch for system libpcre from
  https://github.com/jvoisin/snuffleupagus/pull/369

* Fri Feb 21 2020 Remi Collet - 0.5.0-4
- fix test suite

* Thu Feb 20 2020 Remi Collet - 0.5.0-3
- add upstream patch to fix GCC 10 build

* Tue Jul 23 2019 Remi Collet - 0.5.0-2
- rebuild for 7.4.0beta1

* Thu Jun 13 2019 Remi Collet - 0.5.0-1
- update to 0.5.0

* Fri Dec 21 2018 Remi Collet - 0.4.1-1
- update to 0.4.1
- drop patches merged upstream

* Thu Dec 13 2018 Remi Collet - 0.4.0-4
- drop dependency on python, test build for
  https://github.com/nbs-system/snuffleupagus/pull/266

* Tue Dec 4 2018 Remi Collet - 0.4.0-3
- EL-8 build

* Mon Sep 3 2018 Remi Collet - 0.4.0-2
- add patch for PHP 7.3 on 32-bit from
  https://github.com/nbs-system/snuffleupagus/pull/242

* Sat Sep 1 2018 Remi Collet - 0.4.0-1
- update to 0.4.0
- open https://github.com/nbs-system/snuffleupagus/issues/236
  Could not start (invalid configuration)

* Thu Aug 16 2018 Remi Collet - 0.2.1-4
- rebuild for 7.3.0beta2 new ABI

* Wed Jul 18 2018 Remi Collet - 0.2.1-3
- rebuild for 7.3.0alpha4 new ABI

* Fri Jun 29 2018 Remi Collet - 0.2.1-2
- add patch for test suite with PHP 7.3 from
  https://github.com/nbs-system/snuffleupagus/pull/185

* Wed Feb 7 2018 Remi Collet - 0.2.1-1
- Update to 0.2.1

* Thu Jan 18 2018 Remi Collet - 0.2.0-1
- update to 0.2.0
- open https://github.com/nbs-system/snuffleupagus/pull/128 - src in path

* Wed Jan 17 2018 Remi Collet - 0.1.0-3.20180117.bd02d06
- test build for gh#124
- open https://github.com/nbs-system/snuffleupagus/pull/126

* Wed Jan 17 2018 Remi Collet - 0.1.0-2
- clean build options, fix EL build

* Wed Jan 17 2018 Remi Collet - 0.1.0-1
- new package, version 0.1.0
- open https://github.com/nbs-system/snuffleupagus/issues/123 - ZTS build
- open https://github.com/nbs-system/snuffleupagus/issues/124 - EL-7 build