From 75f735f734ed8024aa11256de453667915a477ed Mon Sep 17 00:00:00 2001 From: jvoisin Date: Fri, 5 Jul 2019 10:33:52 +0200 Subject: Document a workaround for a gentoo-specific bug Thanks to infectormp for reporting the bugs, and testing the workaround. --- doc/source/installation.rst | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/doc/source/installation.rst b/doc/source/installation.rst index 3240b7a..74d5d4f 100644 --- a/doc/source/installation.rst +++ b/doc/source/installation.rst @@ -46,6 +46,33 @@ prefer: Be careful, on some distribution, there are separate configurations for cli/fmp/cgi/… be sure to edit the right one. +If you're using `Gentoo `__, you might encounter the +following error: + +:: + + $ make + $ /bin/sh /root/snuffleupagus-0.5.0/src/libtool --mode=compile cc -I. -I/root/snuffleupagus-0.5.0/src -DPHP_ATOM_INC -I/root/snuffleupagus-0.5.0/src/include -I/root/snuffleupagus-0.5.0/src/main -I/root/snuffleupagus-0.5.0/src -I/usr/lib64/php7.3/include/php -I/usr/lib64/php7.3/include/php/main -I/usr/lib64/php7.3/include/php/TSRM -I/usr/lib64/php7.3/include/php/Zend -I/usr/lib64/php7.3/include/php/ext -I/usr/lib64/php7.3/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -Wall -Wextra -Wno-unused-parameter -Wformat=2 -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector -c /root/snuffleupagus-0.5.0/src/snuffleupagus.c -o snuffleupagus.lo + libtool: Version mismatch error. This is libtool 2.4.6, but the + libtool: definition of this LT_INIT comes from an older release. + libtool: You should recreate aclocal.m4 with macros from libtool 2.4.6 + libtool: and run autoconf again. + make: *** [Makefile:193: snuffleupagus.lo] Error 63 + $ + +This is a `documented php bug `__, +solvable via: + + +:: + + rm -f aclocal.m4 + phpize + aclocal && libtoolize --force && autoreconf + ./configure --enable-snuffleupagus + make + + Upgrading --------- -- cgit v1.3 From bd399574d6b2bf7faa15c04c2bda03b73c16a011 Mon Sep 17 00:00:00 2001 
From: jvoisin
Date: Tue, 9 Jul 2019 10:37:22 +0200
Subject: Fix the Alpine Linux build pcre is not bundled with PHP anymore in AlpineLinux, so we have to install it separately.
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 85b03eb..639f277 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -29,7 +29,7 @@ testsuite:alpine:
 stage: testsuite
 script:
 - apk update
- - apk add php7-dev php7-cgi php7-simplexml php7-xml make gcc musl-dev pcre
+ - apk add php7-dev php7-cgi php7-simplexml php7-xml make gcc musl-dev pcre-dev
 - make compile_debug
 - TEST_PHP_ARGS='-q' REPORT_EXIT_STATUS=1 make -C src test TESTS="tests/cookies_encryption tests/deny_writable tests/disable_function"
 - TEST_PHP_ARGS='-q' REPORT_EXIT_STATUS=1 make -C src test TESTS="tests/dump_request tests/eval_blacklist tests/global_strict"
-- cgit v1.3
From 11154bd6f708629a565f31acc4e8ac45b1a6bb7d Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Tue, 9 Jul 2019 22:50:26 +0200
Subject: Add a stream wrapper test that doesn't depend on openssl
---
 .../stream_wrapper_without_openssl.phpt | 28 ++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 src/tests/stream_wrapper/stream_wrapper_without_openssl.phpt
diff --git a/src/tests/stream_wrapper/stream_wrapper_without_openssl.phpt b/src/tests/stream_wrapper/stream_wrapper_without_openssl.phpt
new file mode 100644
index 0000000..5a11c8f
--- /dev/null
+++ b/src/tests/stream_wrapper/stream_wrapper_without_openssl.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Stream wrapper, without a dependency on openssl
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/config_stream_wrapper.ini
+--FILE--
+
+--EXPECTF--
+Warning: Unknown: Unable to find the wrapper "php" - did you forget to enable it when you configured PHP? in Unknown on line 0
+
+Warning: Unknown: Unable to find the wrapper "php" - did you forget to enable it when you configured PHP? in Unknown on line 0
+
+Warning: Unknown: Unable to find the wrapper "php" - did you forget to enable it when you configured PHP? in Unknown on line 0
+
+Warning: file_get_contents(): Unable to find the wrapper "http" - did you forget to enable it when you configured PHP? in %a/stream_wrapper_without_openssl.php on line 2
+
+Warning: file_get_contents(http://qweqwezxc): failed to open stream: No such file or directory in %a/stream_wrapper_without_openssl.php on line 2
+
+Warning: file_get_contents(ftp://qweqwezxc): failed to open stream: operation failed in %a/stream_wrapper_without_openssl.php on line 3
+
+Warning: file_get_contents(): Unable to find the wrapper "lelel" - did you forget to enable it when you configured PHP? in %a/stream_wrapper_without_openssl.php on line 4
+
+Warning: file_get_contents(lelel://qweqwezxc): failed to open stream: No such file or directory in %a/stream_wrapper_without_openssl.php on line 4
-- cgit v1.3
From 56e0163ab968421601bee2f3d2206e9cda122ddd Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Tue, 9 Jul 2019 23:00:50 +0200
Subject: Don't run an openssl-dependent test is openssl isn't installed
---
 src/tests/stream_wrapper/stream_wrapper.phpt | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/tests/stream_wrapper/stream_wrapper.phpt b/src/tests/stream_wrapper/stream_wrapper.phpt
index fdea50c..3336ef6 100644
--- a/src/tests/stream_wrapper/stream_wrapper.phpt
+++ b/src/tests/stream_wrapper/stream_wrapper.phpt
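Review bot: The `--EXPECTF--` block encodes two different outcomes without saying which one the test is about: `http` and `lelel` are rejected with `Unable to find the wrapper`, while `ftp` only produces `failed to open stream: operation failed`, which presumably means it passed the wrapper whitelist and failed later for an unrelated reason. A `--DESCRIPTION--` section stating that `ftp` is expected to be allowed by `config_stream_wrapper.ini` and the other two refused would stop a later change in PHP's ftp error text from being read as a whitelist regression. The `--SKIPIF--` and `--FILE--` bodies are not visible on this page, so this is based on the expected output alone.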
@@ -1,7 +1,10 @@ --TEST-- Stream wrapper --SKIPIF-- - + --INI-- sp.configuration_file={PWD}/config/config_stream_wrapper.ini --FILE-- -- cgit v1.3 From 935d7bd7b599a04aba8ea956cee688211ad54fe6 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Wed, 10 Jul 2019 10:22:56 +0200 Subject: Re-enable PHP7.4 support It seems that the snapshot was fixed, and that the bug is gone (https://externals.io/message/105884) --- .travis.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9596726..7eade9f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -33,8 +33,6 @@ matrix: - env: TARGET="gcc php nightly novld" CC="gcc" php: "nightly" allow_failures: - - env: TARGET="gcc php7.4 novld" CC="gcc" - php: "7.4snapshot" - env: TARGET="gcc php nightly novld" CC="gcc" php: "nightly" -- cgit v1.3 From 031d81b5decfd4ce504b15777028ed74ce84f65e Mon Sep 17 00:00:00 2001 From: jvoisin Date: Wed, 10 Jul 2019 10:27:55 +0200 Subject: Improve a bit the readme --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 110fb39..418ae84 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ without having to touch the PHP code. ## Key Features -* Close to zero performance impact +* No [noticeable performance impact](https://dustri.org/b/snuffleupagus-030-dentalium-elephantinum.html) * Powerful yet simple to write virtual-patching rules * Killing several classes of vulnerabilities * [Unserialize-based](https://www.owasp.org/images/9/9e/Utilizing-Code-Reuse-Or-Return-Oriented-Programming-In-PHP-Application-Exploits.pdf) code execution 
@@ -75,10 +75,10 @@ without having to touch the PHP code.
 * Whitelist/blacklist for `eval`
 * Enforcing TLS certificate validation when using [curl](https://secure.php.net/manual/en/book.curl.php)
 * Request dumping capability
-* A relatively sane codebase:
- * A [comprehensive](https://coveralls.io/github/nbs-system/snuffleupagus?branch=master) testsuite
+* A relatively sane code base:
+ * A [comprehensive](https://coveralls.io/github/nbs-system/snuffleupagus?branch=master) test suite close to 100% coverage
 * Every commit is tested on [several distributions](https://gitlab.com/jvoisin/snuffleupagus/pipelines)
- * An `clang-format`-enfored code style
+ * An `clang-format`-enforced code style
 * A [comprehensive documentation](https://snuffleupagus.rtfd.io)
 * Usage of [coverity](https://scan.coverity.com/projects/nbs-system-snuffleupagus)
-- cgit v1.3
From 92584082f9a86243f8155889dbcc2716e09750f4 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Wed, 10 Jul 2019 20:32:56 +0200
Subject: Fix the Debian build on gitlab Apparently, pcre isn't a hard dependency for php anymore. We're using pcre2, because pcre3 is actually pcre in Debian, because why not.
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 639f277..40dcd0a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,7 +6,7 @@ testsuite:debian:
 stage: testsuite
 script:
 - apt-get -qqy update
- - apt-get -qqy install --no-install-recommends php-dev gcc make
+ - apt-get -qqy install --no-install-recommends php-dev gcc make libpcre2-dev
 - make debug
 testsuite:fedora:
-- cgit v1.3
From f7e25b29c1cd5273675dbb3d6883c40377d8315d Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Wed, 10 Jul 2019 21:18:29 +0200
Subject: Use pcre3 on Debian in gitlab's CI for now.
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 40dcd0a..73181c5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,7 +6,7 @@ testsuite:debian:
 stage: testsuite
 script:
 - apt-get -qqy update
- - apt-get -qqy install --no-install-recommends php-dev gcc make libpcre2-dev
+ - apt-get -qqy install --no-install-recommends php-dev gcc make libpcre3-dev
 - make debug
 testsuite:fedora:
-- cgit v1.3
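Review bot: The install line now pulls `libpcre3-dev` with no reason recorded beyond "for now" in the subject, while the previous commit's message argued for `libpcre2-dev`. Since `libpcre3-dev` is Debian's package name for the older PCRE 8.x library, a comment above the line would keep the reason and the exit condition next to the code, e.g. `# libpcre3-dev = legacy PCRE (8.x) on Debian; move back to libpcre2-dev once the build works against PCRE2`. Why pcre2 did not work is not visible here, so the wording should be adjusted to the actual cause. The `testsuite:debian` job starts above the hunk.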