snuffleupagus: import php-snuffleupagus-0.5.0 as security/php-snuffleupagus

Snuffleupagus is a PHP 7+ module designed to drastically raise the cost of
attacks against websites, by killing entire bug classes. It also provides a
powerful virtual-patching system, allowing administrator to fix specific
vulnerabilities and audit suspicious behaviours without having to touch the
PHP code.

Makefile

@@ -2920,6 +2920,7 @@ SUBDIR+=	php-imagick-imagick6
 SUBDIR+=	php-libawl-git
 SUBDIR+=	php-malware-finder
 SUBDIR+=	php-msgpack
+SUBDIR+=	php-snuffleupagus
 SUBDIR+=	php-tclink
 SUBDIR+=	php-uuid
 SUBDIR+=	php-xdiff

php-snuffleupagus/DESCR

@@ -0,0 +1,5 @@
+Snuffleupagus is a PHP 7+ module designed to drastically raise the cost of
+attacks against websites, by killing entire bug classes. It also provides a
+powerful virtual-patching system, allowing administrator to fix specific
+vulnerabilities and audit suspicious behaviours without having to touch the
+PHP code.

php-snuffleupagus/MESSAGE

@@ -0,0 +1,7 @@
+To enable snuffleupagus you will need to add an entry such as:
+
+  sp.configuration_file=${PKG_SYSCONFDIR}/snuffleupagus/rules/file.rules
+
+to ${PHP_EXT_CONF_DIR}/${MODNAME}.ini or a custom .ini file.
+
+For more info: https://snuffleupagus.readthedocs.io/config.html

php-snuffleupagus/Makefile

@@ -0,0 +1,28 @@
+# $NetBSD$
+#
+MODNAME=		snuffleupagus
+PECL_VERSION=		0.5.0
+CATEGORIES+=		security
+
+# See TODO
+MASTER_SITES=		https://travispaul.me/distfiles/
+
+MAINTAINER=		tpaul@pkgsrc.org
+HOMEPAGE=		https://snuffleupagus.readthedocs.io/
+COMMENT=		Security module for PHP7
+LICENSE=		gnu-lgpl-v3
+
+MODULESDIR=		${WRKSRC}/src/modules
+PHPSETUPSUBDIR=		src
+CONFIGURE_DIRS=		src
+CONFIGURE_ARGS+=	--with-snuffleupagus=${PREFIX}
+
+PHP_VERSIONS_INCOMPATIBLE=	56
+PLIST_SRC+=			${.CURDIR}/PLIST.extras
+
+TEST_TARGET=		test
+TEST_ENV=		NO_INTERACTION=set
+
+.include "../../devel/pcre/buildlink3.mk"
+.include "../../lang/php/ext.mk"
+.include "../../mk/bsd.pkg.mk"

php-snuffleupagus/PLIST.extras

@@ -0,0 +1,2 @@
+@comment $NetBSD$
+@pkgdir etc/snuffleupagus/rules

php-snuffleupagus/TODO

@@ -0,0 +1,8 @@
+Convince lang/php/ext.mk and mk/fetch/github.mk to cooporate on fetching the
+distfile from upstream.
+
+Look further into the need for the memcpy patch.
+
+Add an example rules file.
+
+Failing tests expected?

php-snuffleupagus/distinfo

@@ -0,0 +1,7 @@
+$NetBSD: distinfo,v 1.2 2015/11/04 01:18:01 agc Exp $
+
+SHA1 (php-snuffleupagus/snuffleupagus-0.5.0.tgz) = 9bc1795b6ddacb262f5c5aa39ca8aac1e72426b2
+RMD160 (php-snuffleupagus/snuffleupagus-0.5.0.tgz) = 98fc41e5b399bad97e6e3fccaac93af1d60cdf9a
+SHA512 (php-snuffleupagus/snuffleupagus-0.5.0.tgz) = bf6d4415da4bd763641f4979b91f13218f97445ab7a34865c9aa4d445e0c3a7d14eaa77754c25cb4911a502161b99708afd2ba5754978f3655913e28fd141c24
+Size (php-snuffleupagus/snuffleupagus-0.5.0.tgz) = 11944713 bytes
+SHA1 (patch-src_sp__utils.c) = 03f3e1f6b4c08cf4aaad38be89907ac992590a8e

php-snuffleupagus/patches/patch-src_sp__utils.c

@@ -0,0 +1,17 @@
+$NetBSD$
+
+Work around build error with nested macro.
+
+  'macro "memcpy" requires 3 arguments, but only 2 given'
+
+--- src/sp_utils.c.orig	2019-06-12 14:42:36.000000000 +0000
++++ src/sp_utils.c
+@@ -353,7 +353,7 @@ int hook_function(const char* original_n
+       return FAILURE;
+     }
+     memcpy(mb_name, "mb_", sizeof("mb_") - 1);
+-    memcpy(mb_name + 3, VAR_AND_LEN(original_name));
++    memcpy(mb_name + 3, original_name, strlen(original_name));
+     if (zend_hash_str_find(CG(function_table), VAR_AND_LEN(mb_name))) {
+       return hook_function(mb_name, hook_table, new_function);
+     }