# remirepo spec file for php-snuffleupagus
#
# Copyright (c) 2018-2024 Remi Collet
# License: CC-BY-SA-4.0
# http://creativecommons.org/licenses/by-sa/4.0/
#
# Please, preserve the changelog entries
#
# Software Collection build when the scl macro is defined; otherwise define
# the two helper macros a regular (non-SCL) build relies on.
%if 0%{?scl:1}
%scl_package php-snuffleupagus
%else
%global _root_bindir %{_bindir}
%global pkg_name %{name}
%endif
# The upstream test suite runs by default; "rpmbuild --without tests" skips it
# and leaves only the minimal load test of the check section.
%bcond_without tests
# Source is pinned to a full upstream commit hash, so the Source0 URL names one
# exact tree rather than a movable tag or branch.
# NOTE(review): no checksum or signature verification of the tarball is visible
# in this spec - confirm where source integrity is enforced.
%global gh_commit 0ba0c07bc7c9cba401e061ae86ee4adcf9655be9
# First seven characters of the commit, used in the tarball name and in the
# Release of snapshot builds.
%global gh_short %(c=%{gh_commit}; echo ${c:0:7})
%global gh_owner jvoisin
%global gh_project snuffleupagus
# Snapshot builds only: defining gh_date adds the date and short hash to Release
# and makes the prep section expect a "-dev" suffix on the upstream version.
#global gh_date 20180117
%global pecl_name snuffleupagus
# ZTS is not supported, test suite fails
# https://github.com/jvoisin/snuffleupagus/issues/123
%global with_zts 0
%global ini_name 40-%{pecl_name}.ini
%global sources src
# configure is run from separate NTS/ZTS build directories, so the configure
# macro is pointed at the script inside the source tree.
%global _configure ../%{sources}/configure
Summary: Security module for PHP
Name: %{?scl_prefix}php-snuffleupagus
Version: 0.11.0
# Unless scl or nophptag is defined, Release also carries the major.minor
# version of the PHP interpreter found at build time.
%if 0%{?gh_date}
Release: 1%{gh_date}.%{gh_short}%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
%else
Release: 1%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
%endif
License: LGPL-3.0-only
Group: Development/Languages
URL: https://github.com/%{gh_owner}/%{gh_project}
Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{pkg_name}-%{version}-%{gh_short}.tar.gz
BuildRequires: %{?dtsprefix}gcc
BuildRequires: %{?scl_prefix}php-devel >= 7.0
BuildRequires: pcre-devel
# For tests/upload_validation_real.phpt
# BuildRequires: %%{?scl_prefix}php-vld
# Extensions loaded by the upstream test suite (see TEST_DEPS in the check section)
BuildRequires: %{?scl_prefix}php-curl
BuildRequires: %{?scl_prefix}php-dom
BuildRequires: %{?scl_prefix}php-simplexml
BuildRequires: %{?scl_prefix}php-xml
#BuildRequires: gdb
#BuildRequires: php-debuginfo
# Tie the binary module to the exact Zend and PHP API versions it was built
# against, so it cannot be installed next to an interpreter with another ABI.
Requires: %{?scl_prefix}php(zend-abi) = %{php_zend_api}
Requires: %{?scl_prefix}php(api) = %{php_core_api}
%{?_sclreq:Requires: %{?scl_prefix}runtime%{?_sclreq}%{?_isa}}
%description
Snuffleupagus is a PHP module designed to drastically raise the cost of
attacks against websites. This is achieved by killing entire bug classes
and providing a powerful virtual-patching system, allowing the administrator
to fix specific vulnerabilities without having to touch the PHP code.
Documentation: https://snuffleupagus.readthedocs.io/
Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')%{?scl: as Software Collection (%{scl} by %{?scl_vendor}%{!?scl_vendor:rh})}.
%prep
# Unpack the pinned snapshot, verify its embedded version, create the build
# directories and generate the two configuration files shipped by the package.
%setup -q -n %{gh_project}-%{gh_commit}
cd %{sources}
# Sanity check, really often broken
# The version string compiled into the extension must match the package
# Version (plus "-dev" for snapshots); a mismatch aborts the build.
grep PHP_SNUFFLEUPAGUS_VERSION php_snuffleupagus.h
# sed -e '/PHP_SNUFFLEUPAGUS_VERSION/s/0.9.0/0.8.0/' -i php_snuffleupagus.h
extver=$(sed -n '/#define PHP_SNUFFLEUPAGUS_VERSION/{s/.* "//;s/".*$//;p}' php_snuffleupagus.h)
if test "x${extver}" != "x%{version}%{?gh_date:-dev}"; then
# ':' is a no-op, so this message is only visible in the shell trace
# (presumably enabled by rpmbuild - confirm); the exit is what fails the build.
: Error: Upstream extension version is ${extver}, expecting %{version}%{?gh_date:-dev}.
exit 1
fi
cd ..
# Separate build directories so NTS and, when enabled, ZTS are configured
# outside the source tree.
mkdir NTS
%if %{with_zts}
mkdir ZTS
%endif
# Drop in the bit of configuration
# Quoted heredoc: the shell expands nothing in the body; the rpm macros in it
# are substituted when the spec is parsed.
# Security notes on the generated ini file:
# - sp.configuration_file is a glob, so every snuffleupagus-*.rules file in the
#   PHP ini directory is loaded as policy; write access to that directory
#   therefore controls what the module enforces.
# - sp.allow_broken_configuration is shipped commented out (Off). Per the text
#   below, enabling it lets PHP carry on when the rules contain syntax errors.
#   NOTE(review): presumably the broken rules are then not enforced, i.e. the
#   module fails open - confirm against the upstream documentation.
cat << 'EOF' | tee %{ini_name}
; Enable '%{pecl_name}' extension module
extension = %{pecl_name}.so
; Path to rules configuration files, glob or comma separated list
sp.configuration_file = '%{php_inidir}/%{pecl_name}-*.rules'
; Since our configuration format is a bit more complex than php’s one,
; we have a sp.allow_broken_configuration parameter (false by default),
; that you can set to true if you want PHP to carry on if your Snuffleupagus’
; configuration contains syntax errors. You’ll still get a big scary message
; in your logs of course. We do not recommend to use it of course, but
; sometimes it might be useful to be able to “debug in production” without
; breaking your website.
;sp.allow_broken_configuration = Off
EOF
# The default rules file below contains a single rule, which silences the
# module's warning about running an old PHP version. It enables no hardening
# or virtual-patching rule: protection has to be configured by the
# administrator in additional snuffleupagus-*.rules files.
cat << 'EOF' | tee %{pecl_name}-default.rules
# Default rules see https://snuffleupagus.readthedocs.io/config.html
# Don't report about EOL version
sp.global.show_old_php_warning.disable();
EOF
%build
# Compile the extension out of tree: phpize runs in the source directory,
# configure and make run in the per-flavour build directory.
# dtsenable expands only when defined (presumably it switches to the
# developer toolset compiler named by dtsprefix - confirm).
%{?dtsenable}
cd %{sources}
%{__phpize}
cd ../NTS
# NOTE(review): the configure macro normally exports the distribution's
# compiler and linker flags - confirm the hardening flags reach this build.
%configure \
--with-php-config=%{__phpconfig} \
--with-libdir=%{_lib} \
--enable-snuffleupagus
make %{?_smp_mflags}
# ZTS flavour, currently disabled through with_zts (see the preamble)
%if %{with_zts}
cd ../ZTS
%configure \
--with-php-config=%{__ztsphpconfig} \
--with-libdir=%{_lib} \
--enable-snuffleupagus
make %{?_smp_mflags}
%endif
%install
# Stage the module and its configuration files into the buildroot.
%{?dtsenable}
# Install the NTS stuff
make -C NTS install INSTALL_ROOT=%{buildroot}
# The ini file and the default rules are installed world-readable (0644).
# NOTE(review): rules files can hold secrets such as sp.global.secret_key; if
# one is added, confirm which users must read the file before tightening its mode.
install -D -m 644 %{ini_name} %{buildroot}%{php_inidir}/%{ini_name}
install -D -m 644 %{pecl_name}-default.rules %{buildroot}%{php_inidir}/%{pecl_name}-default.rules
%if %{with_zts}
# Install the ZTS stuff
# Only the ini file is copied to the ZTS ini directory; the default rules file
# is not, while the ini glob is still written with the NTS ini directory.
make -C ZTS install INSTALL_ROOT=%{buildroot}
install -D -m 644 %{ini_name} %{buildroot}%{php_ztsinidir}/%{ini_name}
%endif
%check
# Load the freshly built module and, unless tests are disabled, run the
# upstream test suite against it.
# upload_validation_real.phpt needs the vld extension: when it is installed,
# point the helper script at the build's PHP binary, otherwise drop the test.
if [ -f %{php_extdir}/vld.so ]; then
sed -e 's:#!/usr/bin/env php:#!%{__php}:' -i scripts/upload_validation.php
else
rm src/tests/upload_validation/upload_validation_real.phpt
fi
# Test directories with php8 in their name are removed when building for PHP < 8.0
VER=$(%{__php} -r 'echo PHP_VERSION_ID;')
if [ $VER -lt 80000 ]; then
rm -rf src/tests/*php8*/
fi
cd %{sources}
# Presumably tells the module or its tests to skip the old-PHP check - confirm
export SP_SKIP_OLD_PHP_CHECK=1
# add extensions used by test suite
TEST_DEPS="-d extension=xml.so -d extension=dom.so -d extension=curl.so -d extension=simplexml.so"
# The load test runs without any php.ini, so no rules file is configured;
# sp.allow_broken_configuration=1 is set for this smoke test only and is the
# opposite of the shipped ini default (Off). The pipeline succeeds only when
# grep finds the module name in the list of loaded modules.
: Minimal load test for NTS extension
%{__php} --no-php-ini \
--define extension=%{buildroot}%{php_extdir}/%{pecl_name}.so \
--define sp.allow_broken_configuration=1 \
--modules | grep %{pecl_name}
%if %{with tests}
# -n keeps the system php.ini out of the run and the module is loaded from the
# buildroot, so the suite exercises the binary that will be packaged.
# REPORT_EXIT_STATUS=1 makes run-tests.php exit non-zero on failure, which
# fails the build. Release builds of a security module should keep this enabled.
: Upstream test suite for NTS extension
TEST_PHP_EXECUTABLE=%{__php} \
TEST_PHP_ARGS="-n $TEST_DEPS -d extension=%{buildroot}%{php_extdir}/%{pecl_name}.so" \
REPORT_EXIT_STATUS=1 \
%{__php} -n run-tests.php -q --show-diff
%endif
%if %{with_zts}
# ZTS gets the load test only; the upstream suite is not run for it
: Minimal load test for ZTS extension
%{__ztsphp} --no-php-ini \
--define extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so \
--define sp.allow_broken_configuration=1 \
--modules | grep %{pecl_name}
%endif
%files
%license LICENSE
%doc *.md
# config(noreplace): an ini or rules file edited by the administrator is kept
# on upgrade and the packaged version is written next to it as .rpmnew, so
# changes to the packaged defaults do not reach such hosts automatically.
%config(noreplace) %{php_inidir}/%{ini_name}
%config(noreplace) %{php_inidir}/%{pecl_name}-default.rules
%{php_extdir}/%{pecl_name}.so
%if %{with_zts}
%config(noreplace) %{php_ztsinidir}/%{ini_name}
%{php_ztsextdir}/%{pecl_name}.so
%endif
%changelog
* Fri Sep 6 2024 Remi Collet <remi@remirepo.net> - 0.11.0-1
- update to 0.11.0
* Wed Sep 20 2023 Remi Collet <remi@remirepo.net> - 0.10.0-1
- update to 0.10.0
* Tue Sep 5 2023 Remi Collet <remi@remirepo.net> - 0.9.0-3
- add upstream patches for PHP 8.3
- build out of sources tree
* Thu Jan 5 2023 Remi Collet <remi@remirepo.net> - 0.9.0-2
- test build for upstream fix for gh#444
* Wed Jan 4 2023 Remi Collet <remi@remirepo.net> - 0.9.0-1
- update to 0.9.0
- open https://github.com/jvoisin/snuffleupagus/issues/444 borked tests with 8.2
* Mon Aug 29 2022 Remi Collet <remi@remirepo.net> - 0.8.3-1
- update to 0.8.3
* Mon May 23 2022 Remi Collet <remi@remirepo.net> - 0.8.2-1
- update to 0.8.2
- drop patches merged upstream
* Wed May 18 2022 Remi Collet <remi@remirepo.net> - 0.8.0-2
- fix segfault when overriding sp.configuration_file
from https://github.com/jvoisin/snuffleupagus/pull/422
- fix ZTS build
from https://github.com/jvoisin/snuffleupagus/pull/423/
* Mon May 16 2022 Remi Collet <remi@remirepo.net> - 0.8.0-1
- update to 0.8.0
- open https://github.com/jvoisin/snuffleupagus/issues/418 bad version
- open https://github.com/jvoisin/snuffleupagus/issues/419 failed test
* Tue Aug 3 2021 Remi Collet <remi@remirepo.net> - 0.7.1-1
- update to 0.7.1
- drop patch merged upstream
* Mon Jan 4 2021 Remi Collet <remi@remirepo.net> - 0.7.0-1
- update to 0.7.0
- sources from jvoisin instead of nbs-system
- add patch for system libpcre from
https://github.com/jvoisin/snuffleupagus/pull/369
* Fri Feb 21 2020 Remi Collet <remi@remirepo.net> - 0.5.0-4
- fix test suite
* Thu Feb 20 2020 Remi Collet <remi@remirepo.net> - 0.5.0-3
- add upstream patch to fix GCC 10 build
* Tue Jul 23 2019 Remi Collet <remi@remirepo.net> - 0.5.0-2
- rebuild for 7.4.0beta1
* Thu Jun 13 2019 Remi Collet <remi@remirepo.net> - 0.5.0-1
- update to 0.5.0
* Fri Dec 21 2018 Remi Collet <remi@remirepo.net> - 0.4.1-1
- update to 0.4.1
- drop patches merged upstream
* Thu Dec 13 2018 Remi Collet <remi@remirepo.net> - 0.4.0-4
- drop dependency on python, test build for
https://github.com/nbs-system/snuffleupagus/pull/266
* Tue Dec 4 2018 Remi Collet <remi@remirepo.net> - 0.4.0-3
- EL-8 build
* Mon Sep 3 2018 Remi Collet <remi@remirepo.net> - 0.4.0-2
- add patch for PHP 7.3 on 32-bit from
https://github.com/nbs-system/snuffleupagus/pull/242
* Sat Sep 1 2018 Remi Collet <remi@remirepo.net> - 0.4.0-1
- update to 0.4.0
- open https://github.com/nbs-system/snuffleupagus/issues/236
Could not start (invalid configuration)
* Thu Aug 16 2018 Remi Collet <remi@remirepo.net> - 0.2.1-4
- rebuild for 7.3.0beta2 new ABI
* Wed Jul 18 2018 Remi Collet <remi@remirepo.net> - 0.2.1-3
- rebuild for 7.3.0alpha4 new ABI
* Fri Jun 29 2018 Remi Collet <remi@remirepo.net> - 0.2.1-2
- add patch for test suite with PHP 7.3 from
https://github.com/nbs-system/snuffleupagus/pull/185
* Wed Feb 7 2018 Remi Collet <remi@remirepo.net> - 0.2.1-1
- Update to 0.2.1
* Thu Jan 18 2018 Remi Collet <remi@remirepo.net> - 0.2.0-1
- update to 0.2.0
- open https://github.com/nbs-system/snuffleupagus/pull/128 - src in path
* Wed Jan 17 2018 Remi Collet <remi@remirepo.net> - 0.1.0-3.20180117.bd02d06
- test build for gh#124
- open https://github.com/nbs-system/snuffleupagus/pull/126
* Wed Jan 17 2018 Remi Collet <remi@remirepo.net> - 0.1.0-2
- clean build options, fix EL build
* Wed Jan 17 2018 Remi Collet <remi@remirepo.net> - 0.1.0-1
- new package, version 0.1.0
- open https://github.com/nbs-system/snuffleupagus/issues/123 - ZTS build
- open https://github.com/nbs-system/snuffleupagus/issues/124 - EL-7 build