diff options
author | Remi Collet <fedora@famillecollet.com> | 2016-03-03 18:06:45 +0100 |
---|---|---|
committer | Remi Collet <fedora@famillecollet.com> | 2016-03-03 18:06:45 +0100 |
commit | ce9cb3228090d77d5ba6e2d2fb05460363e1e2db (patch) | |
tree | 420fc2af64d4b1dbfdf342301c28a060c65126ac | |
parent | 2a6f999bfe2debf0e219b9a60aa99394345e2bcf (diff) |
php-suhosin: 0.10.0-dev for PHP 7
-rw-r--r-- | 3_01.txt | 68 | ||||
-rw-r--r-- | REFLECTION-PHP7 | 219 | ||||
-rw-r--r-- | php-suhosin-php7.spec | 146 | ||||
-rw-r--r-- | php-suhosin.spec | 2 |
4 files changed, 370 insertions, 65 deletions
diff --git a/3_01.txt b/3_01.txt new file mode 100644 index 0000000..6059c80 --- /dev/null +++ b/3_01.txt @@ -0,0 +1,68 @@ +-------------------------------------------------------------------- + The PHP License, version 3.01 +Copyright (c) 1999 - 2014 The PHP Group. All rights reserved. +-------------------------------------------------------------------- + +Redistribution and use in source and binary forms, with or without +modification, is permitted provided that the following conditions +are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + + 3. The name "PHP" must not be used to endorse or promote products + derived from this software without prior written permission. For + written permission, please contact group@php.net. + + 4. Products derived from this software may not be called "PHP", nor + may "PHP" appear in their name, without prior written permission + from group@php.net. You may indicate that your software works in + conjunction with PHP by saying "Foo for PHP" instead of calling + it "PHP Foo" or "phpfoo" + + 5. The PHP Group may publish revised and/or new versions of the + license from time to time. Each version will be given a + distinguishing version number. + Once covered code has been published under a particular version + of the license, you may always continue to use it under the terms + of that version. You may also choose to use such covered code + under the terms of any subsequent version of the license + published by the PHP Group. No one other than the PHP Group has + the right to modify the terms applicable to covered code created + under this License. + + 6. Redistributions of any form whatsoever must retain the following + acknowledgment: + "This product includes PHP software, freely available from + <http://www.php.net/software/>". + +THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND +ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP +DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +OF THE POSSIBILITY OF SUCH DAMAGE. + +-------------------------------------------------------------------- + +This software consists of voluntary contributions made by many +individuals on behalf of the PHP Group. + +The PHP Group can be contacted via Email at group@php.net. + +For more information on the PHP Group and the PHP project, +please see <http://www.php.net>. + +PHP includes the Zend Engine, freely available at +<http://www.zend.com>. diff --git a/REFLECTION-PHP7 b/REFLECTION-PHP7 new file mode 100644 index 0000000..8e07747 --- /dev/null +++ b/REFLECTION-PHP7 @@ -0,0 +1,219 @@ +Extension [ <persistent> extension #77 suhosin7 version 0.10.0dev ] { + + - INI { + Entry [ suhosin.perdir <SYSTEM> ] + Current = '0' + } + Entry [ suhosin.log.sapi <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.log.stdout <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.log.use-x-forwarded-for <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.log.file <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.log.file.name <PERDIR,SYSTEM> ] + Current = '' + } + Entry [ suhosin.log.file.time <PERDIR,SYSTEM> ] + Current = '1' + } + Entry [ suhosin.executor.include.max_traversal <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.executor.include.whitelist <PERDIR,SYSTEM> ] + Current = '' + } + Entry [ suhosin.executor.include.blacklist <PERDIR,SYSTEM> ] + Current = '' + } + Entry [ suhosin.executor.include.allow_writable_files <PERDIR,SYSTEM> ] + Current = '1' + } + Entry [ suhosin.executor.eval.whitelist <PERDIR,SYSTEM> ] + Current = '' + } + Entry [ suhosin.executor.eval.blacklist <PERDIR,SYSTEM> ] + Current = '' + } + Entry [ suhosin.executor.func.whitelist <PERDIR,SYSTEM> ] + Current = '' + } + Entry [ suhosin.executor.func.blacklist <PERDIR,SYSTEM> ] + Current = '' + } + Entry [ suhosin.executor.disable_emodifier <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.executor.max_depth <PERDIR,SYSTEM> ] + Current = '750' + } + Entry [ suhosin.multiheader <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.memory_limit <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.simulation <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.protectkey <SYSTEM> ] + Current = '1' + } + Entry [ suhosin.coredump <SYSTEM> ] + Current = '0' + } + Entry [ suhosin.disable.display_errors <SYSTEM> ] + Current = '0' + } + Entry [ suhosin.request.max_vars <PERDIR,SYSTEM> ] + Current = '1000' + } + Entry [ suhosin.request.max_varname_length <PERDIR,SYSTEM> ] + Current = '64' + } + Entry [ suhosin.request.max_value_length <PERDIR,SYSTEM> ] + Current = '1000000' + } + Entry [ suhosin.request.max_array_depth <PERDIR,SYSTEM> ] + Current = '50' + } + Entry [ suhosin.request.max_totalname_length <PERDIR,SYSTEM> ] + Current = '256' + } + Entry [ suhosin.request.max_array_index_length <PERDIR,SYSTEM> ] + Current = '64' + } + Entry [ suhosin.request.array_index_char_whitelist <PERDIR,SYSTEM> ] + Current = '' + } + Entry [ suhosin.request.array_index_char_blacklist <PERDIR,SYSTEM> ] + Current = ''"+<>;()' + } + Entry [ suhosin.request.disallow_nul <PERDIR,SYSTEM> ] + Current = '1' + } + Entry [ suhosin.request.disallow_ws <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.cookie.max_vars <PERDIR,SYSTEM> ] + Current = '100' + } + Entry [ suhosin.cookie.max_name_length <PERDIR,SYSTEM> ] + Current = '64' + } + Entry [ suhosin.cookie.max_totalname_length <PERDIR,SYSTEM> ] + Current = '256' + } + Entry [ suhosin.cookie.max_value_length <PERDIR,SYSTEM> ] + Current = '10000' + } + Entry [ suhosin.cookie.max_array_depth <PERDIR,SYSTEM> ] + Current = '50' + } + Entry [ suhosin.cookie.max_array_index_length <PERDIR,SYSTEM> ] + Current = '64' + } + Entry [ suhosin.cookie.disallow_nul <PERDIR,SYSTEM> ] + Current = '1' + } + Entry [ suhosin.cookie.disallow_ws <PERDIR,SYSTEM> ] + Current = '1' + } + Entry [ suhosin.get.max_vars <PERDIR,SYSTEM> ] + Current = '100' + } + Entry [ suhosin.get.max_name_length <PERDIR,SYSTEM> ] + Current = '64' + } + Entry [ suhosin.get.max_totalname_length <PERDIR,SYSTEM> ] + Current = '256' + } + Entry [ suhosin.get.max_value_length <PERDIR,SYSTEM> ] + Current = '512' + } + Entry [ suhosin.get.max_array_depth <PERDIR,SYSTEM> ] + Current = '50' + } + Entry [ suhosin.get.max_array_index_length <PERDIR,SYSTEM> ] + Current = '64' + } + Entry [ suhosin.get.disallow_nul <PERDIR,SYSTEM> ] + Current = '1' + } + Entry [ suhosin.get.disallow_ws <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.post.max_vars <PERDIR,SYSTEM> ] + Current = '1000' + } + Entry [ suhosin.post.max_name_length <PERDIR,SYSTEM> ] + Current = '64' + } + Entry [ suhosin.post.max_totalname_length <PERDIR,SYSTEM> ] + Current = '256' + } + Entry [ suhosin.post.max_value_length <PERDIR,SYSTEM> ] + Current = '1000000' + } + Entry [ suhosin.post.max_array_depth <PERDIR,SYSTEM> ] + Current = '50' + } + Entry [ suhosin.post.max_array_index_length <PERDIR,SYSTEM> ] + Current = '64' + } + Entry [ suhosin.post.disallow_nul <PERDIR,SYSTEM> ] + Current = '1' + } + Entry [ suhosin.post.disallow_ws <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.cookie.encrypt <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.cookie.cryptkey <PERDIR,SYSTEM> ] + Current = '' + } + Entry [ suhosin.cookie.cryptua <PERDIR,SYSTEM> ] + Current = '1' + } + Entry [ suhosin.cookie.cryptdocroot <PERDIR,SYSTEM> ] + Current = '1' + } + Entry [ suhosin.cookie.cryptraddr <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.cookie.checkraddr <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.cookie.cryptlist <PERDIR,SYSTEM> ] + Current = '' + } + Entry [ suhosin.cookie.plainlist <PERDIR,SYSTEM> ] + Current = '' + } + Entry [ suhosin.server.encode <SYSTEM> ] + Current = '1' + } + Entry [ suhosin.server.strip <SYSTEM> ] + Current = '1' + } + Entry [ suhosin.rand.seedingkey <PERDIR,SYSTEM> ] + Current = '' + } + Entry [ suhosin.rand.reseed_every_request <PERDIR,SYSTEM> ] + Current = '0' + } + Entry [ suhosin.srand.ignore <PERDIR,SYSTEM> ] + Current = '1' + } + Entry [ suhosin.mt_srand.ignore <PERDIR,SYSTEM> ] + Current = '1' + } + } +} + diff --git a/php-suhosin-php7.spec b/php-suhosin-php7.spec index 2db982e..078b094 100644 --- a/php-suhosin-php7.spec +++ b/php-suhosin-php7.spec @@ -9,69 +9,67 @@ # Please, preserve the changelog entries # %if 0%{?scl:1} -%if "%{scl}" == "rh-php56" -%global sub_prefix more-php56- -%else %global sub_prefix %{scl_prefix} %endif -%endif -#global gh_commit f0683bf1d9d77e5532e637778107e20826b8d1af -#global gh_short %(c=%{gh_commit}; echo ${c:0:7}) -%global gh_owner stefanesser -%global gh_project suhosin +%global gh_commit 6eb6633aa1816fc6774eaa8a77ae1d6e791760f3 +%global gh_short %(c=%{gh_commit}; echo ${c:0:7}) +%global gh_owner sektioneins +%global gh_project suhosin7 +%global gh_date 20160303 + %{?scl: %scl_package php-suhosin} -%{!?php_inidir: %global php_inidir %{_sysconfdir}/php.d} -%{!?__pecl: %global __pecl %{_bindir}/pecl} -%{!?__php: %global __php %{_bindir}/php} - -%global ext_name suhosin -%global with_zts 0%{?__ztsphp:1} -%if "%{php_version}" < "5.6" -%global ini_name %{ext_name}.ini -%else + +%global ext_name suhosin7 +# https://github.com/sektioneins/suhosin7/issues/4 +%global with_zts 0 %global ini_name 40-%{ext_name}.ini -%endif Name: %{?sub_prefix}php-suhosin -Version: 0.9.38 -Release: 3%{?dist}%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')} +Version: 0.10.0 +%if 0%{?gh_date} +Release: 0.1.%{gh_date}git%{gh_short}%{?dist}%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')} +Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{gh_project}-%{version}-%{gh_short}.tar.gz +%else +Release: 1%{?dist}%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')} +Source0: http://download.suhosin.org/suhosin-%{version}.tar.gz +%endif +# From headers, see https://github.com/sektioneins/suhosin7/issues/1 +Source1: http://php.net/license/3_01.txt + Summary: Suhosin is an advanced protection system for PHP installations Group: Development/Languages License: PHP URL: http://www.hardened-php.net/suhosin/ -%if 0%{?gh_commit:1} -Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{gh_project}-%{version}-%{gh_short}.tar.gz -%else -Source0: http://download.suhosin.org/suhosin-%{version}.tar.gz -%endif BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: %{?scl_prefix}php-devel > 5.4 +BuildRequires: %{?scl_prefix}php-devel > 7 Requires: %{?scl_prefix}php(zend-abi) = %{php_zend_api} Requires: %{?scl_prefix}php(api) = %{php_core_api} %{?_sclreq:Requires: %{?scl_prefix}runtime%{?_sclreq}%{?_isa}} ## Compat SCL (rh-php56) -Provides: %{?scl_prefix}php-suhosin = %{version}-%{release} -Provides: %{?scl_prefix}php-suhosin%{?_isa} = %{version}-%{release} +Provides: %{?scl_prefix}php-suhosin = %{version}-%{release} +Provides: %{?scl_prefix}php-suhosin%{?_isa} = %{version}-%{release} +Provides: %{?scl_prefix}php-suhosin7 = %{version}-%{release} +Provides: %{?scl_prefix}php-suhosin7%{?_isa} = %{version}-%{release} %if "%{?vendor}" == "Remi Collet" && 0%{!?scl:1} # Other third party repo stuff -Obsoletes: php53-%{ext_name} <= %{version} -Obsoletes: php53u-%{ext_name} <= %{version} -Obsoletes: php54-%{ext_name} <= %{version} -Obsoletes: php54w-%{ext_name} <= %{version} -%if "%{php_version}" > "5.5" -Obsoletes: php55u-%{ext_name} <= %{version} -Obsoletes: php55w-%{ext_name} <= %{version} -%endif -%if "%{php_version}" > "5.6" -Obsoletes: php56u-%{ext_name} <= %{version} -Obsoletes: php56w-%{ext_name} <= %{version} -%endif +Obsoletes: php53-%{ext_name} <= %{version} +Obsoletes: php53u-%{ext_name} <= %{version} +Obsoletes: php54-%{ext_name} <= %{version} +Obsoletes: php54w-%{ext_name} <= %{version} +Obsoletes: php55u-%{ext_name} <= %{version} +Obsoletes: php55w-%{ext_name} <= %{version} +Obsoletes: php56u-%{ext_name} <= %{version} +Obsoletes: php56w-%{ext_name} <= %{version} +Obsoletes: php70u-%{ext_name} <= %{version} +Obsoletes: php70w-%{ext_name} <= %{version} +Obsoletes: php70u-%{ext_name}7 <= %{version} +Obsoletes: php70w-%{ext_name}7 <= %{version} %endif %if 0%{?fedora} < 20 && 0%{?rhel} < 7 @@ -86,7 +84,9 @@ Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. -Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')%{?scl: as Software Collection (%{scl})}. +WARNING: THIS SOFTWARE IS PRE-ALPHA SOFTWARE. DO NOT ATTEMPT TO RUN IN PRODUCTION + +Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')%{?scl: as Software Collection (%{scl} by %{?scl_vendor}%{!?scl_vendor:rh})}. %prep @@ -97,20 +97,35 @@ mv %{ext_name}-%{gh_commit} NTS mv %{ext_name}-%{version} NTS %endif +cd NTS +cp %{SOURCE1} LICENSE + # Check extension version -ver=$(sed -n '/SUHOSIN_EXT_VERSION/{s/.* "//;s/".*$//;p}' NTS/php_suhosin.h) -if test "$ver" != "%{version}%{?gh_commit:-dev}"; then - : Error: Upstream SUHOSIN_EXT_VERSION version is ${ver}, expecting %{version}%{?gh_commit:-dev}. +ver=$(sed -n '/SUHOSIN7_EXT_VERSION/{s/.* "//;s/".*$//;p}' php_suhosin7.h) +if test "$ver" != "%{version}%{?gh_date:dev}"; then + : Error: Upstream SUHOSIN_EXT_VERSION version is ${ver}, expecting %{version}%{?gh_date:dev}. exit 1 fi +cd .. %if %{with_zts} # Duplicate source tree for NTS / ZTS build cp -pr NTS ZTS %endif +cat << EOF | tee %{ini_name} +; Enable %{summary} +extension=%{ext_name}.so + +; Configuration options +; See https://suhosin.org/stories/configuration.html +EOF + %build +# https://github.com/sektioneins/suhosin7/issues/3 +export CFLAGS="$RPM_OPT_FLAGS -std=c99" + cd NTS %{_bindir}/phpize %configure --with-php-config=%{_bindir}/php-config @@ -130,13 +145,11 @@ rm -rf %{buildroot} make -C NTS install INSTALL_ROOT=%{buildroot} # install configuration -sed -e 's/\;\(extension=suhosin.so\)/\1/' -i NTS/%{ext_name}.ini -install -Dpm 644 NTS/%{ext_name}.ini %{buildroot}%{php_inidir}/%{ini_name} +install -Dpm 644 %{ini_name} %{buildroot}%{php_inidir}/%{ini_name} %if %{with_zts} make -C ZTS install INSTALL_ROOT=%{buildroot} -sed -e 's/\;\(extension=suhosin.so\)/\1/' -i ZTS/%{ext_name}.ini -install -Dpm 644 ZTS/%{ext_name}.ini %{buildroot}%{php_ztsinidir}/%{ini_name} +install -Dpm 644 %{ini_name} %{buildroot}%{php_ztsinidir}/%{ini_name} %endif @@ -144,46 +157,44 @@ install -Dpm 644 ZTS/%{ext_name}.ini %{buildroot}%{php_ztsinidir}/%{ini_name} : Minimal load test for NTS extension %{__php} --no-php-ini \ --define extension=%{buildroot}%{php_extdir}/%{ext_name}.so \ - --modules | grep -i suhosin + --modules | grep suhosin7 %if %{with_zts} : Minimal load test for NTS extension %{__ztsphp} --no-php-ini \ --define extension=%{buildroot}%{php_ztsextdir}/%{ext_name}.so \ - --modules | grep -i suhosin + --modules %endif : Upstream test suite for NTS extension cd NTS # drop known to fail tests -%if "%{php_version}" < "5.5" -rm tests/executor/function_blacklist_printf.phpt -rm tests/executor/function_whitelist_call_user_func.phpt -rm tests/executor/eval_blacklist.phpt -rm tests/executor/eval_blacklist_printf.phpt -rm tests/executor/eval_whitelist_call_user_func.phpt -%endif -rm tests/filter/suhosin_upload_disallow_binary_on.phpt - TEST_PHP_EXECUTABLE=%{__php} \ +TEST_PHP_ARGS="-n -d extension=%{buildroot}%{php_extdir}/%{ext_name}.so" \ REPORT_EXIT_STATUS=1 \ NO_INTERACTION=1 \ -%{__php} run-tests.php \ - -n -q \ - -d extension_dir=modules \ - -d extension=%{ext_name}.so \ +%{__php} -n run-tests.php --show-diff %clean rm -rf %{buildroot} +%posttrans +cat << EOF +========================================================================== + WARNING: + %{name} IS PRE-ALPHA SOFTWARE. DO NOT ATTEMPT TO RUN IN PRODUCTION +========================================================================== +EOF + + %files %defattr(-,root,root,-) %{!?_licensedir:%global license %%doc} %license NTS/LICENSE -%doc NTS/{Changelog,CREDITS} +%doc NTS/{CREDITS,*.md} %config(noreplace) %{php_inidir}/%{ini_name} %{php_extdir}/%{ext_name}.so @@ -195,6 +206,13 @@ rm -rf %{buildroot} %changelog +* Thu Mar 3 2016 Remi Collet <remi@fedoraproject.org> - 0.10.0-0.1.20160303git6eb6633 +- update to 0.10.0 for php 7 +- open https://github.com/sektioneins/suhosin7/issues/1 - License +- open https://github.com/sektioneins/suhosin7/issues/2 - suhosin.ini +- open https://github.com/sektioneins/suhosin7/issues/3 - gcc < 5 +- open https://github.com/sektioneins/suhosin7/issues/4 - ZTS + * Mon Jun 22 2015 Remi Collet <rcollet@redhat.com> - 0.9.38-3 - add virtual "rh-php56" provides diff --git a/php-suhosin.spec b/php-suhosin.spec index 2db982e..f00c75a 100644 --- a/php-suhosin.spec +++ b/php-suhosin.spec @@ -86,7 +86,7 @@ Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. -Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')%{?scl: as Software Collection (%{scl})}. +Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')%{?scl: as Software Collection (%{scl} by %{?scl_vendor}%{!?scl_vendor:rh})}. %prep |