2 files changed, 266 insertions, 3 deletions

diff --git a/1b52614c06b60ced6caecd8dcaa0911ed3aa72e2.patch b/1b52614c06b60ced6caecd8dcaa0911ed3aa72e2.patch
new file mode 100644
index 0000000..fbd7750
--- /dev/null
+++ b/1b52614c06b60ced6caecd8dcaa0911ed3aa72e2.patch
@@ -0,0 +1,254 @@
+From 1b52614c06b60ced6caecd8dcaa0911ed3aa72e2 Mon Sep 17 00:00:00 2001
+From: bef <bef@users.noreply.github.com>
+Date: Thu, 20 Jun 2019 12:40:07 +0200
+Subject: [PATCH] Fix snufflepagus_globals linking issues and one mac
+ compatibility issue
+
+---
+ src/php_snuffleupagus.h     | 1 +
+ src/sp_config.c             | 2 --
+ src/sp_config_keywords.c    | 2 --
+ src/sp_config_utils.c       | 2 --
+ src/sp_cookie_encryption.c  | 2 --
+ src/sp_crypt.c              | 2 --
+ src/sp_disable_xxe.c        | 2 --
+ src/sp_disabled_functions.c | 2 --
+ src/sp_execute.c            | 2 --
+ src/sp_harden_rand.c        | 2 --
+ src/sp_network_utils.c      | 4 +---
+ src/sp_session.c            | 2 --
+ src/sp_sloppy.c             | 2 --
+ src/sp_unserialize.c        | 1 -
+ src/sp_upload_validation.c  | 2 --
+ src/sp_utils.c              | 2 --
+ src/sp_wrapper.c            | 2 --
+ src/tweetnacl.c             | 2 --
+ 18 files changed, 2 insertions(+), 34 deletions(-)
+
+diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h
+index c9313f8..43131fe 100644
+--- a/src/php_snuffleupagus.h
++++ b/src/php_snuffleupagus.h
+@@ -99,6 +99,7 @@ HashTable *sp_internal_functions_hook;
+ HashTable *sp_eval_blacklist_functions_hook;
+ ZEND_END_MODULE_GLOBALS(snuffleupagus)
+ 
++ZEND_EXTERN_MODULE_GLOBALS(snuffleupagus)
+ #define SNUFFLEUPAGUS_G(v) ZEND_MODULE_GLOBALS_ACCESSOR(snuffleupagus, v)
+ 
+ #if defined(ZTS) && defined(COMPILE_DL_SNUFFLEUPAGUS)
+diff --git a/src/sp_config.c b/src/sp_config.c
+index 915c8a1..25223f2 100644
+--- a/src/sp_config.c
++++ b/src/sp_config.c
+@@ -4,8 +4,6 @@
+ 
+ #include "php_snuffleupagus.h"
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+-
+ size_t sp_line_no;
+ 
+ sp_config_tokens const sp_func[] = {
+diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
+index a13aed2..abb3110 100644
+--- a/src/sp_config_keywords.c
++++ b/src/sp_config_keywords.c
+@@ -1,7 +1,5 @@
+ #include "php_snuffleupagus.h"
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+-
+ static int parse_enable(char *line, bool *restrict retval,
+                         bool *restrict simulation) {
+   bool enable = false, disable = false;
+diff --git a/src/sp_config_utils.c b/src/sp_config_utils.c
+index 71c9071..dbe6793 100644
+--- a/src/sp_config_utils.c
++++ b/src/sp_config_utils.c
+@@ -1,7 +1,5 @@
+ #include "php_snuffleupagus.h"
+ 
+-size_t sp_line_no;
+-
+ int parse_keywords(sp_config_functions *funcs, char *line) {
+   int value_len = 0;
+   const char *original_line = line;
+diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
+index 249de2d..92a056b 100644
+--- a/src/sp_cookie_encryption.c
++++ b/src/sp_cookie_encryption.c
+@@ -1,7 +1,5 @@
+ #include "php_snuffleupagus.h"
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+-
+ static inline const sp_cookie *sp_lookup_cookie_config(const zend_string *key) {
+   const sp_list_node *it = SNUFFLEUPAGUS_G(config).config_cookie->cookies;
+ 
+diff --git a/src/sp_crypt.c b/src/sp_crypt.c
+index da0e2fe..42c1510 100644
+--- a/src/sp_crypt.c
++++ b/src/sp_crypt.c
+@@ -1,7 +1,5 @@
+ #include "php_snuffleupagus.h"
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+-
+ void generate_key(unsigned char *key) {
+   PHP_SHA256_CTX ctx;
+   const char *user_agent = getenv("HTTP_USER_AGENT");
+diff --git a/src/sp_disable_xxe.c b/src/sp_disable_xxe.c
+index df00dbd..53148c8 100644
+--- a/src/sp_disable_xxe.c
++++ b/src/sp_disable_xxe.c
+@@ -1,7 +1,5 @@
+ #include "php_snuffleupagus.h"
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+-
+ PHP_FUNCTION(sp_libxml_disable_entity_loader) { RETURN_TRUE; }
+ 
+ int hook_libxml_disable_entity_loader() {
+diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c
+index 8177ce1..c088f20 100644
+--- a/src/sp_disabled_functions.c
++++ b/src/sp_disabled_functions.c
+@@ -1,7 +1,5 @@
+ #include "php_snuffleupagus.h"
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+-
+ static void should_disable(zend_execute_data* execute_data,
+                            const char* complete_function_path,
+                            const zend_string* builtin_param,
+diff --git a/src/sp_execute.c b/src/sp_execute.c
+index b4f2595..4eae874 100644
+--- a/src/sp_execute.c
++++ b/src/sp_execute.c
+@@ -1,7 +1,5 @@
+ #include "php_snuffleupagus.h"
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+-
+ static void (*orig_execute_ex)(zend_execute_data *execute_data) = NULL;
+ static void (*orig_zend_execute_internal)(zend_execute_data *execute_data,
+                                           zval *return_value) = NULL;
+diff --git a/src/sp_harden_rand.c b/src/sp_harden_rand.c
+index 7ab798e..43c2a5b 100644
+--- a/src/sp_harden_rand.c
++++ b/src/sp_harden_rand.c
+@@ -2,8 +2,6 @@
+ 
+ extern ZEND_API zend_class_entry *zend_ce_error;
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+-
+ /* This function is needed because `rand` and `mt_rand` parameters
+  * are optional, while the ones from `random_int` aren't. */
+ static void random_int_wrapper(INTERNAL_FUNCTION_PARAMETERS) {
+diff --git a/src/sp_network_utils.c b/src/sp_network_utils.c
+index c444c1e..1811d98 100644
+--- a/src/sp_network_utils.c
++++ b/src/sp_network_utils.c
+@@ -1,7 +1,5 @@
+ #include "php_snuffleupagus.h"
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+-
+ static inline bool cidr4_match(const struct in_addr addr,
+                                const struct in_addr net, uint8_t bits);
+ static inline bool cidr6_match(const struct in6_addr address,
+@@ -19,7 +17,7 @@ static inline bool cidr4_match(const struct in_addr addr,
+ 
+ static inline bool cidr6_match(const struct in6_addr address,
+                                const struct in6_addr network, uint8_t bits) {
+-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
++#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__)
+   const uint32_t *a = address.__u6_addr.__u6_addr32;
+   const uint32_t *n = network.__u6_addr.__u6_addr32;
+ #else
+diff --git a/src/sp_session.c b/src/sp_session.c
+index 596eae9..1064fe6 100644
+--- a/src/sp_session.c
++++ b/src/sp_session.c
+@@ -1,7 +1,5 @@
+ #include "php_snuffleupagus.h"
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+-
+ #if (HAVE_PHP_SESSION && !defined(COMPILE_DL_SESSION))
+ 
+ #ifdef ZTS
+diff --git a/src/sp_sloppy.c b/src/sp_sloppy.c
+index d3678db..5837783 100644
+--- a/src/sp_sloppy.c
++++ b/src/sp_sloppy.c
+@@ -1,7 +1,5 @@
+ #include "php_snuffleupagus.h"
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+-
+ ZEND_API zend_op_array* (*orig_zend_compile_file)(zend_file_handle* file_handle,
+                                                   int type) = NULL;
+ ZEND_API zend_op_array* (*orig_zend_compile_string)(zval* source_string,
+diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c
+index 5e21d6a..f265ce6 100644
+--- a/src/sp_unserialize.c
++++ b/src/sp_unserialize.c
+@@ -1,6 +1,5 @@
+ #include "php_snuffleupagus.h"
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+ 
+ PHP_FUNCTION(sp_serialize) {
+   zif_handler orig_handler;
+diff --git a/src/sp_upload_validation.c b/src/sp_upload_validation.c
+index fe16a46..ee19df9 100644
+--- a/src/sp_upload_validation.c
++++ b/src/sp_upload_validation.c
+@@ -1,7 +1,5 @@
+ #include "php_snuffleupagus.h"
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+-
+ int (*sp_rfc1867_orig_callback)(unsigned int event, void *event_data,
+                                 void **extra);
+ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra);
+diff --git a/src/sp_utils.c b/src/sp_utils.c
+index 475d552..7641808 100644
+--- a/src/sp_utils.c
++++ b/src/sp_utils.c
+@@ -1,7 +1,5 @@
+ #include "php_snuffleupagus.h"
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+-
+ bool sp_zend_string_equals(const zend_string* s1, const zend_string* s2) {
+   // We can't use `zend_string_equals` here because it doesn't work on
+   // `const` zend_string.
+diff --git a/src/sp_wrapper.c b/src/sp_wrapper.c
+index 1618a4f..277f23a 100644
+--- a/src/sp_wrapper.c
++++ b/src/sp_wrapper.c
+@@ -1,7 +1,5 @@
+ #include "php_snuffleupagus.h"
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+-
+ static bool wrapper_is_whitelisted(const zend_string *zs) {
+   const sp_list_node *list = SNUFFLEUPAGUS_G(config).config_wrapper->whitelist;
+ 
+diff --git a/src/tweetnacl.c b/src/tweetnacl.c
+index ad5dae5..9f66546 100644
+--- a/src/tweetnacl.c
++++ b/src/tweetnacl.c
+@@ -3,8 +3,6 @@ we're using the one from PHP.*/
+ #include "php_snuffleupagus.h"
+ #include "ext/standard/php_random.h"
+ 
+-ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus)
+-
+ void randombytes(unsigned char *x, unsigned long long xlen) {
+   assert(SIZE_MAX >= ULLONG_MAX);  // max(size_t) > max(ull) ?
+   php_random_bytes(x, xlen, 1);
diff --git a/php-snuffleupagus.spec b/php-snuffleupagus.spec
index c6af5eb..2263bd7 100644
--- a/php-snuffleupagus.spec
+++ b/php-snuffleupagus.spec
@@ -1,6 +1,6 @@
 # remirepo spec file for php-snuffleupagus
 #
-# Copyright (c) 2018-2019 Remi Collet
+# Copyright (c) 2018-2020 Remi Collet
 # License: CC-BY-SA
 # http://creativecommons.org/licenses/by-sa/4.0/
 #
@@ -33,15 +33,17 @@ Summary:       Security module for PHP
 Name:          %{?sub_prefix}php-snuffleupagus
 Version:       0.5.0
 %if 0%{?gh_date}
-Release:       1%{gh_date}.%{gh_short}%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
+Release:       2%{gh_date}.%{gh_short}%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
 %else
-Release:       1%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
+Release:       3%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}}
 %endif
 License:       LGPLv3
 Group:         Development/Languages
 URL:           https://github.com/%{gh_owner}/%{gh_project}
 Source0:       https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{pkg_name}-%{version}-%{gh_short}.tar.gz
 
+Patch0:        https://github.com/jvoisin/snuffleupagus/commit/1b52614c06b60ced6caecd8dcaa0911ed3aa72e2.patch
+
 BuildRequires: %{?dtsprefix}gcc
 BuildRequires: %{?scl_prefix}php-devel > 7
 BuildRequires: pcre-devel
@@ -95,6 +97,7 @@ Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSIO
 
 %prep
 %setup -q -n %{gh_project}-%{gh_commit}
+%patch0 -p1 -b .ups
 
 cd src
 # Sanity check, really often broken
@@ -215,6 +218,12 @@ REPORT_EXIT_STATUS=1 \
 
 
 %changelog
+* Thu Feb 20 2020 Remi Collet <remi@remirepo.net> - 0.5.0-3
+- add upstream patch to fix GCC 10 build
+
+* Tue Jul 23 2019 Remi Collet <remi@remirepo.net> - 0.5.0-2
+- rebuild for 7.4.0beta1
+
 * Thu Jun 13 2019 Remi Collet <remi@remirepo.net> - 0.5.0-1
 - update to 0.5.0