# remirepo spec file for php-snuffleupagus # # Copyright (c) 2018-2022 Remi Collet # License: CC-BY-SA # http://creativecommons.org/licenses/by-sa/4.0/ # # Please, preserve the changelog entries # # we don't want -z defs linker flag %undefine _strict_symbol_defs_build %if 0%{?scl:1} %global sub_prefix %{scl_prefix} %scl_package php-snuffleupagus %else %global _root_bindir %{_bindir} %global pkg_name %{name} %endif %global gh_commit 3d206b9ae51680ae6c0f0eee3e11e667d343d3e4 %global gh_short %(c=%{gh_commit}; echo ${c:0:7}) %global gh_owner jvoisin %global gh_project snuffleupagus #global gh_date 20180117 %global pecl_name snuffleupagus # ZTS is not supported, test suite fails # https://github.com/nbs-system/snuffleupagus/issues/123 %global with_zts 0 %global ini_name 40-%{pecl_name}.ini Summary: Security module for PHP Name: %{?sub_prefix}php-snuffleupagus Version: 0.8.1 %if 0%{?gh_date} Release: 2%{gh_date}.%{gh_short}%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}} %else Release: 2%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}} %endif License: LGPLv3 Group: Development/Languages URL: https://github.com/%{gh_owner}/%{gh_project} Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{pkg_name}-%{version}-%{gh_short}.tar.gz Patch0: upstream.patch BuildRequires: %{?dtsprefix}gcc BuildRequires: %{?scl_prefix}php-devel > 7 BuildRequires: pcre-devel # For tests/upload_validation_real.phpt # BuildRequires: %%{?scl_prefix}php-vld BuildRequires: %{?scl_prefix}php-curl BuildRequires: %{?scl_prefix}php-dom BuildRequires: %{?scl_prefix}php-simplexml BuildRequires: %{?scl_prefix}php-xml #BuildRequires: gdb #BuildRequires: php-debuginfo Requires: %{?scl_prefix}php(zend-abi) = %{php_zend_api} Requires: %{?scl_prefix}php(api) = %{php_core_api} %{?_sclreq:Requires: %{?scl_prefix}runtime%{?_sclreq}%{?_isa}} %if "%{?packager}" == "Remi Collet" && 0%{!?scl:1} && 0%{?rhel} %if "%{php_version}" > "7.3" Obsoletes: php73-%{pecl_name} <= %{version} %endif %if "%{php_version}" > "7.4" Obsoletes: php74-%{pecl_name} <= %{version} %endif %if "%{php_version}" > "8.0" Obsoletes: php80-%{pecl_name} <= %{version} %endif %endif %description Snuffleupagus is a PHP module designed to drastically raise the cost of attacks against websites. This is achieved by killing entire bug classes and providing a powerful virtual-patching system, allowing the administrator to fix specific vulnerabilities without having to touch the PHP code. Documentation: https://snuffleupagus.readthedocs.io/ Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')%{?scl: as Software Collection (%{scl} by %{?scl_vendor}%{!?scl_vendor:rh})}. %prep %setup -q -n %{gh_project}-%{gh_commit} %patch0 -p1 -b .up cd src # Sanity check, really often broken grep PHP_SNUFFLEUPAGUS_VERSION php_snuffleupagus.h # sed -e '/PHP_SNUFFLEUPAGUS_VERSION/s/0.9.0/0.8.0/' -i php_snuffleupagus.h extver=$(sed -n '/#define PHP_SNUFFLEUPAGUS_VERSION/{s/.* "//;s/".*$//;p}' php_snuffleupagus.h) if test "x${extver}" != "x%{version}%{?gh_date:-dev}"; then : Error: Upstream extension version is ${extver}, expecting %{version}%{?gh_date:-dev}. exit 1 fi cd .. %if %{with_zts} # duplicate for ZTS build cp -pr src ZTS %endif # Drop in the bit of configuration cat << 'EOF' | tee %{ini_name} ; Enable '%{pecl_name}' extension module extension = %{pecl_name}.so ; Path to rules configuration files, glob or comma separated list sp.configuration_file = '%{php_inidir}/%{pecl_name}-*.rules' ; Since our configuration format is a bit more complex than php’s one, ; we have a sp.allow_broken_configuration parameter (false by default), ; that you can set to true if you want PHP to carry on if your Snuffleupagus’ ; configuration contains syntax errors. You’ll still get a big scary message ; in your logs of course. We do not recommend to use it of course, but ; sometimes it might be useful to be able to “debug in production” without ; breaking your website. ;sp.allow_broken_configuration = Off EOF cat << 'EOF' | tee %{pecl_name}-default.rules # Default rules see https://snuffleupagus.readthedocs.io/config.html # Don't report about EOL version sp.global.show_old_php_warning.disable(); EOF %build %{?dtsenable} cd src %{_bindir}/phpize %configure \ --with-php-config=%{_bindir}/php-config \ --with-libdir=%{_lib} \ --enable-snuffleupagus make %{?_smp_mflags} %if %{with_zts} cd ../ZTS %{_bindir}/zts-phpize %configure \ --with-php-config=%{_bindir}/zts-php-config \ --with-libdir=%{_lib} \ --enable-snuffleupagus make %{?_smp_mflags} %endif %install %{?dtsenable} # Install the NTS stuff make -C src install INSTALL_ROOT=%{buildroot} install -D -m 644 %{ini_name} %{buildroot}%{php_inidir}/%{ini_name} install -D -m 644 %{pecl_name}-default.rules %{buildroot}%{php_inidir}/%{pecl_name}-default.rules %if %{with_zts} # Install the ZTS stuff make -C ZTS install INSTALL_ROOT=%{buildroot} install -D -m 644 %{ini_name} %{buildroot}%{php_ztsinidir}/%{ini_name} %endif %check if [ -f %{php_extdir}/vld.so ]; then sed -e 's:#!/usr/bin/env php:#!%{__php}:' -i scripts/upload_validation.php else rm src/tests/upload_validation/upload_validation_real.phpt fi %if "%{php_version}" < "8" rm -rf src/tests/*php8*/ %endif export SP_SKIP_OLD_PHP_CHECK=1 # add extensions used by test suite TEST_DEPS="-d extension=xml.so -d extension=dom.so -d extension=curl.so -d extension=simplexml.so" cd src : Minimal load test for NTS extension %{__php} --no-php-ini \ --define extension=%{buildroot}%{php_extdir}/%{pecl_name}.so \ --define sp.allow_broken_configuration=1 \ --modules | grep %{pecl_name} : Upstream test suite for NTS extension TEST_PHP_EXECUTABLE=%{__php} \ TEST_PHP_ARGS="-n $TEST_DEPS -d extension=$PWD/modules/%{pecl_name}.so" \ NO_INTERACTION=1 \ REPORT_EXIT_STATUS=1 \ %{__php} -n run-tests.php --show-diff %if %{with_zts} cd ../ZTS : Minimal load test for ZTS extension %{__ztsphp} --no-php-ini \ --define extension=$PWD/modules/%{pecl_name}.so \ --define sp.allow_broken_configuration=1 \ --modules | grep %{pecl_name} : Upstream test suite for ZTS extension TEST_PHP_EXECUTABLE=%{__ztsphp} \ TEST_PHP_ARGS="-n $TEST_DEPS -d extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so" \ NO_INTERACTION=1 \ REPORT_EXIT_STATUS=1 \ %{__ztsphp} -n run-tests.php --show-diff %endif %files %{!?_licensedir:%global license %%doc} %license LICENSE %doc *.md %config(noreplace) %{php_inidir}/%{ini_name} %config(noreplace) %{php_inidir}/%{pecl_name}-default.rules %{php_extdir}/%{pecl_name}.so %if %{with_zts} %config(noreplace) %{php_ztsinidir}/%{ini_name} %{php_ztsextdir}/%{pecl_name}.so %endif %changelog * Wed May 18 2022 Remi Collet - 0.8.0-2 - fix segfault when overriding sp.configuration_file from https://github.com/jvoisin/snuffleupagus/pull/422 - fix ZTS build from https://github.com/jvoisin/snuffleupagus/pull/423/ * Mon May 16 2022 Remi Collet - 0.8.0-1 - update to 0.8.0 - open https://github.com/jvoisin/snuffleupagus/issues/418 bad version - open https://github.com/jvoisin/snuffleupagus/issues/419 failed test * Tue Aug 3 2021 Remi Collet - 0.7.1-1 - update to 0.7.1 - drop patch merged upstream * Mon Jan 4 2021 Remi Collet - 0.7.0-1 - update to 0.7.0 - sources from jvoisin instead of nbs-system - add patch for system libpcre from https://github.com/jvoisin/snuffleupagus/pull/369 * Fri Feb 21 2020 Remi Collet - 0.5.0-4 - fix test suite * Thu Feb 20 2020 Remi Collet - 0.5.0-3 - add upstream patch to fix GCC 10 build * Tue Jul 23 2019 Remi Collet - 0.5.0-2 - rebuild for 7.4.0beta1 * Thu Jun 13 2019 Remi Collet - 0.5.0-1 - update to 0.5.0 * Fri Dec 21 2018 Remi Collet - 0.4.1-1 - update to 0.4.1 - drop patches merged upstream * Thu Dec 13 2018 Remi Collet - 0.4.0-4 - drop dependency on python, test build for https://github.com/nbs-system/snuffleupagus/pull/266 * Tue Dec 4 2018 Remi Collet - 0.4.0-3 - EL-8 build * Mon Sep 3 2018 Remi Collet - 0.4.0-2 - add patch for PHP 7.3 on 32-bit from https://github.com/nbs-system/snuffleupagus/pull/242 * Sat Sep 1 2018 Remi Collet - 0.4.0-1 - update to 0.4.0 - open https://github.com/nbs-system/snuffleupagus/issues/236 Could not start (invalid configuration) * Thu Aug 16 2018 Remi Collet - 0.2.1-4 - rebuild for 7.3.0beta2 new ABI * Wed Jul 18 2018 Remi Collet - 0.2.1-3 - rebuild for 7.3.0alpha4 new ABI * Fri Jun 29 2018 Remi Collet - 0.2.1-2 - add patch for test suite with PHP 7.3 from https://github.com/nbs-system/snuffleupagus/pull/185 * Wed Feb 7 2018 Remi Collet - 0.2.1-1 - Update to 0.2.1 * Thu Jan 18 2018 Remi Collet - 0.2.0-1 - update to 0.2.0 - open https://github.com/nbs-system/snuffleupagus/pull/128 - src in path * Wed Jan 17 2018 Remi Collet - 0.1.0-3.20180117.bd02d06 - test build for gh#124 - open https://github.com/nbs-system/snuffleupagus/pull/126 * Wed Jan 17 2018 Remi Collet - 0.1.0-2 - clean build options, fix EL build * Wed Jan 17 2018 Remi Collet - 0.1.0-1 - new package, version 0.1.0 - open https://github.com/nbs-system/snuffleupagus/issues/123 - ZTS build - open https://github.com/nbs-system/snuffleupagus/issues/124 - EL-7 build