snuffleupagus: import php-snuffleupagus-0.5.0 as security/php-snuffleupagus
Snuffleupagus is a PHP 7+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes. It also provides a powerful virtual-patching system, allowing administrator to fix specific vulnerabilities and audit suspicious behaviours without having to touch the PHP code.
This commit is contained in:
parent
5ef1731e3a
commit
a693f08669
1
Makefile
1
Makefile
|
@ -2920,6 +2920,7 @@ SUBDIR+= php-imagick-imagick6
|
|||
SUBDIR+= php-libawl-git
|
||||
SUBDIR+= php-malware-finder
|
||||
SUBDIR+= php-msgpack
|
||||
SUBDIR+= php-snuffleupagus
|
||||
SUBDIR+= php-tclink
|
||||
SUBDIR+= php-uuid
|
||||
SUBDIR+= php-xdiff
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
Snuffleupagus is a PHP 7+ module designed to drastically raise the cost of
|
||||
attacks against websites, by killing entire bug classes. It also provides a
|
||||
powerful virtual-patching system, allowing administrator to fix specific
|
||||
vulnerabilities and audit suspicious behaviours without having to touch the
|
||||
PHP code.
|
|
@ -0,0 +1,7 @@
|
|||
To enable snuffleupagus you will need to add an entry such as:
|
||||
|
||||
sp.configuration_file=${PKG_SYSCONFDIR}/snuffleupagus/rules/file.rules
|
||||
|
||||
to ${PHP_EXT_CONF_DIR}/${MODNAME}.ini or a custom .ini file.
|
||||
|
||||
For more info: https://snuffleupagus.readthedocs.io/config.html
|
|
@ -0,0 +1,28 @@
|
|||
# $NetBSD$
|
||||
#
|
||||
MODNAME= snuffleupagus
|
||||
PECL_VERSION= 0.5.0
|
||||
CATEGORIES+= security
|
||||
|
||||
# See TODO
|
||||
MASTER_SITES= https://travispaul.me/distfiles/
|
||||
|
||||
MAINTAINER= tpaul@pkgsrc.org
|
||||
HOMEPAGE= https://snuffleupagus.readthedocs.io/
|
||||
COMMENT= Security module for PHP7
|
||||
LICENSE= gnu-lgpl-v3
|
||||
|
||||
MODULESDIR= ${WRKSRC}/src/modules
|
||||
PHPSETUPSUBDIR= src
|
||||
CONFIGURE_DIRS= src
|
||||
CONFIGURE_ARGS+= --with-snuffleupagus=${PREFIX}
|
||||
|
||||
PHP_VERSIONS_INCOMPATIBLE= 56
|
||||
PLIST_SRC+= ${.CURDIR}/PLIST.extras
|
||||
|
||||
TEST_TARGET= test
|
||||
TEST_ENV= NO_INTERACTION=set
|
||||
|
||||
.include "../../devel/pcre/buildlink3.mk"
|
||||
.include "../../lang/php/ext.mk"
|
||||
.include "../../mk/bsd.pkg.mk"
|
|
@ -0,0 +1,2 @@
|
|||
@comment $NetBSD$
|
||||
@pkgdir etc/snuffleupagus/rules
|
|
@ -0,0 +1,8 @@
|
|||
Convince lang/php/ext.mk and mk/fetch/github.mk to cooporate on fetching the
|
||||
distfile from upstream.
|
||||
|
||||
Look further into the need for the memcpy patch.
|
||||
|
||||
Add an example rules file.
|
||||
|
||||
Failing tests expected?
|
|
@ -0,0 +1,7 @@
|
|||
$NetBSD: distinfo,v 1.2 2015/11/04 01:18:01 agc Exp $
|
||||
|
||||
SHA1 (php-snuffleupagus/snuffleupagus-0.5.0.tgz) = 9bc1795b6ddacb262f5c5aa39ca8aac1e72426b2
|
||||
RMD160 (php-snuffleupagus/snuffleupagus-0.5.0.tgz) = 98fc41e5b399bad97e6e3fccaac93af1d60cdf9a
|
||||
SHA512 (php-snuffleupagus/snuffleupagus-0.5.0.tgz) = bf6d4415da4bd763641f4979b91f13218f97445ab7a34865c9aa4d445e0c3a7d14eaa77754c25cb4911a502161b99708afd2ba5754978f3655913e28fd141c24
|
||||
Size (php-snuffleupagus/snuffleupagus-0.5.0.tgz) = 11944713 bytes
|
||||
SHA1 (patch-src_sp__utils.c) = 03f3e1f6b4c08cf4aaad38be89907ac992590a8e
|
|
@ -0,0 +1,17 @@
|
|||
$NetBSD$
|
||||
|
||||
Work around build error with nested macro.
|
||||
|
||||
'macro "memcpy" requires 3 arguments, but only 2 given'
|
||||
|
||||
--- src/sp_utils.c.orig 2019-06-12 14:42:36.000000000 +0000
|
||||
+++ src/sp_utils.c
|
||||
@@ -353,7 +353,7 @@ int hook_function(const char* original_n
|
||||
return FAILURE;
|
||||
}
|
||||
memcpy(mb_name, "mb_", sizeof("mb_") - 1);
|
||||
- memcpy(mb_name + 3, VAR_AND_LEN(original_name));
|
||||
+ memcpy(mb_name + 3, original_name, strlen(original_name));
|
||||
if (zend_hash_str_find(CG(function_table), VAR_AND_LEN(mb_name))) {
|
||||
return hook_function(mb_name, hook_table, new_function);
|
||||
}
|
Loading…
Reference in New Issue