From 38cbef5edfde42ee76c08eaac9f149744eae884b Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sat, 20 Jun 2020 12:42:02 +0200 Subject: Bump the changelog --- doc/source/changelog.rst | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'doc/source') diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst index 55b5c7e..a72b737 100644 --- a/doc/source/changelog.rst +++ b/doc/source/changelog.rst @@ -1,6 +1,23 @@ Changelog ========= +0.5.1 - `Order of the Elephant `__ 2020/06/20 +-------------------------------------------------------------------------------------------------------------- + +New features +^^^^^^^^^^^^ +* Add support for syslog + + +Improvements +^^^^^^^^^^^^ +* Improve OSX support +* Improve marginally of php8+ compatibility +* Improve php7.4 compatibility +* Improve the default ruleset +* Improve the documentation +* Improve the gitlab CI + 0.5.0 - `Elephant Flats `__ 2019/06/12 -------------------------------------------------------------------------------------------------------------- -- cgit v1.3 From dc60430d1e472f8c18865411d6aa33b4b482e06f Mon Sep 17 00:00:00 2001 From: jvoisin Date: Fri, 26 Jun 2020 12:20:55 +0200 Subject: Fix the footer in the documentation wrt. copyright --- doc/source/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/source') diff --git a/doc/source/conf.py b/doc/source/conf.py index 644af6e..6680e9a 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -47,7 +47,7 @@ master_doc = 'index' # General information about the project. project = u'Snuffleupagus' -copyright = u'%d, NBS System' % datetime.now().year +copyright = u'2017-2018 NBS System, 2019-%d Julien (jvoisin) Voisin' % datetime.now().year author = u'Sebastien Blot & Julien Voisin' # The version info for the project you're documenting, acts as replacement for -- cgit v1.3 From 02fa18c45b2bd622d3b64e30f0660a8b6c0e5344 Mon Sep 17 00:00:00 2001 
From: jvoisin Date: Fri, 26 Jun 2020 12:49:29 +0200 Subject: Add two articles to the propaganda section --- doc/source/papers.rst | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'doc/source') diff --git a/doc/source/papers.rst b/doc/source/papers.rst index 3d5e42a..b60a405 100644 --- a/doc/source/papers.rst +++ b/doc/source/papers.rst @@ -73,6 +73,13 @@ Articles - `What the f*ck is a Snuffleupagus? `__ - Living The Dream - `Snuffleupagus: Open source security tool hardens PHP sites against cyber-attacks `__ - The Daily Swig +2020 +"""" + +- `Snuffleupagus, un excelente módulo para bloquear vulnerabilidades en aplicaciones PHP `__ (es) - linuxadictos.com +- `Выпуск Snuffleupagus 0.5.1, модуля для блокирования уязвимостей в PHP-приложениях + `__ (ru) - rebeltech.ru + Papers ------ -- cgit v1.3 From ed12d6c784e524bdf50f6f503160cd55216d34d7 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sat, 4 Jul 2020 14:00:20 +0200 Subject: Add two articles to the propaganda page --- doc/source/papers.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'doc/source') diff --git a/doc/source/papers.rst b/doc/source/papers.rst index b60a405..f5cb15e 100644 --- a/doc/source/papers.rst +++ b/doc/source/papers.rst @@ -72,6 +72,7 @@ Articles - `Проект Snuffleupagus развивает PHP-модуль для блокирования уязвимостей `__ (ru) - opennet.ru - `What the f*ck is a Snuffleupagus? `__ - Living The Dream - `Snuffleupagus: Open source security tool hardens PHP sites against cyber-attacks `__ - The Daily Swig +- `Snuffleupagus versus recent high-profile vulnerabilities `__ - dustri.org 2020 """" @@ -79,6 +80,7 @@ Articles - `Snuffleupagus, un excelente módulo para bloquear vulnerabilidades en aplicaciones PHP `__ (es) - linuxadictos.com - `Выпуск Snuffleupagus 0.5.1, модуля для блокирования уязвимостей в PHP-приложениях `__ (ru) - rebeltech.ru +- `Snuffleupagus versus recent high-profile vulnerabilities, again! `__ - dustri.org Papers -- cgit v1.3 
From 4937c39e9f1dd2e6e1be3bf668dffd3935122838 Mon Sep 17 00:00:00 2001 From: Chris Lin Date: Sun, 5 Jul 2020 16:21:32 +0800 Subject: Document how to install Snuffleupagus on Heroku REF: #336--- doc/source/installation.rst | 70 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) (limited to 'doc/source') diff --git a/doc/source/installation.rst b/doc/source/installation.rst index a6b0ff8..fe6a7e3 100644 --- a/doc/source/installation.rst +++ b/doc/source/installation.rst 
@@ -73,6 +73,76 @@ solvable via: make +Heroku installation +------------------- + +Heroku official `buildpack `_ uses ``Composer`` to install all dependencies required by your PHP application. +If you're using `manual installation `__ and `default rules `__, you might crash the deployment and encounter the following error: + +:: + + app[api]: Release v666 created by user kulisu@github.com + heroku[web.1]: Starting process with command `vendor/bin/heroku-php-apache2 -F fpm_custom.conf public/` + heroku[web.1]: Stopping all processes with SIGTERM + app[web.1]: Stopping httpd... + app[web.1]: SIGTERM received, attempting graceful shutdown... + app[web.1]: Stopping php-fpm... + app[web.1]: Shutdown complete. + heroku[web.1]: Process exited with status 143 + app[web.1]: [heroku-exec] Starting + app[web.1]: Unable to determine Composer vendor-dir setting; is 'composer' executable on path or 'composer.phar' in current working directory? + heroku[web.1]: Process exited with status 1 + heroku[web.1]: State changed from starting to crashed + +Requirements +^^^^^^^^^^^^ + +According to the `document `_ you can install custom PHP extensions during compilation. +All you need to do is updaing ``composer.json`` to install Snuffleupagus, and updating ``Procfile`` to load additional PHP-FPM configuration. 
+ +Composer +^^^^^^^^^^ + +:: + + { + "require": { + "php": "~7.4.6" + }, + "config": { + "platform": { + "php": "7.4.6" + } + }, + "scripts": { + "compile": [ + "git clone https://github.com/jvoisin/snuffleupagus /tmp/snuffleupagus", + "cd /tmp/snuffleupagus/src && phpize && ./configure --enable-snuffleupagus && make && make install", + "echo 'extension=snuffleupagus.so\nsp.allow_broken_configuration=on\nsp.configuration_file=/dev/null' > /app/.heroku/php/etc/php/conf.d/999-ext-snuffleupagus.ini" + ] + } + } + +This step will compile Snuffleupagus to shared library, install it to proper path and specify an empty configuration in ``sp.configuration_file`` to ensure all Heroku console scripts against restrictions. + +PHP-FPM +^^^^^^^^^^ + +:: + + ; ext-snuffleupagus + php_admin_flag[sp.allow_broken_configuration] = off + php_admin_value[sp.configuration_file] = /app/default.rules + +The final step is setting ``sp.configuration_file`` in an additional `PHP-FPM configuration `_, and specifying it to load with Apache or Nginx. That's it. Now your PHP application is hardening by Snuffleupagus. + +:: + + app[web.1]: [05-Jul-2020 07:45:22 UTC] PHP Fatal error: [snuffleupagus][0.0.0.0][disabled_function] Aborted execution on call of the function 'exec', because its argument '$command' content (id;whoami) matched a rule in /app/public/test2.php on line 1 + app[web.1]: 10.9.226.141 - - [05/Jul/2020:07:45:22 +0000] "GET /test2.php?cmd=id;whoami HTTP/1.1" 500 - "-" "curl/7.68.0 + heroku[router]: at=info method=GET path="/test2.php?cmd=id;whoami" host=heroku-x-snuffleupagus.herokuapp.com request_id=012345678-9012-3456-7890-123456789012 fwd="1.2.3.4" dyno=web.1 connect=0ms service=7ms status=500 bytes=169 protocol=http + + Upgrading --------- -- cgit v1.3 From bb3083ec64eb262418479fe3005fd679318e9ca4 Mon Sep 17 00:00:00 2001 
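Review bot: The `compile` script in the `composer.json` example clones the repository's default branch on every build, so each deploy compiles and loads whatever is at HEAD at that moment rather than a reviewed release. Pin the checkout in the example, for instance `git clone --depth 1 --branch <RELEASE_TAG> https://github.com/jvoisin/snuffleupagus /tmp/snuffleupagus`, where `<RELEASE_TAG>` is a placeholder for the tag being deployed. The `999-ext-snuffleupagus.ini` written by the same script sets `sp.configuration_file=/dev/null` with `sp.allow_broken_configuration=on` globally, and as written only the PHP-FPM pool overrides it. The text should therefore state plainly that PHP started outside that pool (console scripts, for instance) runs with no rules applied.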
From: jvoisin Date: Mon, 6 Jul 2020 20:00:07 +0200 Subject: Improve a bit the previous commit --- doc/source/installation.rst | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) (limited to 'doc/source') diff --git a/doc/source/installation.rst b/doc/source/installation.rst index fe6a7e3..c4cc355 100644 --- a/doc/source/installation.rst +++ b/doc/source/installation.rst @@ -76,12 +76,14 @@ solvable via: Heroku installation ------------------- -Heroku official `buildpack `_ uses ``Composer`` to install all dependencies required by your PHP application. -If you're using `manual installation `__ and `default rules `__, you might crash the deployment and encounter the following error: +Heroku's official `buildpack `_ +uses ``Composer`` to install all dependencies required by your PHP application. +Careful with the `default set of rules +`__, +since it might block the composer deployment, leading to the following errors: :: - app[api]: Release v666 created by user kulisu@github.com heroku[web.1]: Starting process with command `vendor/bin/heroku-php-apache2 -F fpm_custom.conf public/` heroku[web.1]: Stopping all processes with SIGTERM app[web.1]: Stopping httpd... @@ -97,11 +99,11 @@ If you're using `manual installation `__ Requirements ^^^^^^^^^^^^ -According to the `document `_ you can install custom PHP extensions during compilation. -All you need to do is updaing ``composer.json`` to install Snuffleupagus, and updating ``Procfile`` to load additional PHP-FPM configuration. +To install snuffleupagus on heroku, simply follow the `documentation `_, +and edit the ``composer.json`` file, as well as the ``Procfile`` to load the additional PHP-FPM configuration. -Composer -^^^^^^^^^^ +composer.json +""""""""""""" :: 
@@ -123,10 +125,12 @@ Composer } } -This step will compile Snuffleupagus to shared library, install it to proper path and specify an empty configuration in ``sp.configuration_file`` to ensure all Heroku console scripts against restrictions. +This configuration will compile Snuffleupagus to shared library, install it to the proper +location and specify an empty configuration in ``sp.configuration_file`` to ensure +that the ``composer`` deployment phase won't get killed by some rules. PHP-FPM -^^^^^^^^^^ +""""""" :: @@ -134,7 +138,11 @@ PHP-FPM php_admin_flag[sp.allow_broken_configuration] = off php_admin_value[sp.configuration_file] = /app/default.rules -The final step is setting ``sp.configuration_file`` in an additional `PHP-FPM configuration `_, and specifying it to load with Apache or Nginx. That's it. Now your PHP application is hardening by Snuffleupagus. +The final step is to point ``sp.configuration_file`` to a rule set by setting +the preference in an additional `PHP-FPM +configuration `_. + +You should now be running Snuffleupagus in PHP on heroku: :: @@ -146,4 +154,4 @@ The final step is setting ``sp.configuration_file`` in an additional `PHP-FPM co Upgrading --------- -Upgrading the Snuffleupagus is as simple as recompiling it (or using a binary), replacing the file and restarting your webserver. +Upgrading Snuffleupagus is as simple as recompiling it (or using a binary), replacing the file and restarting your webserver. -- cgit v1.3 From decf73be5ac430ce7788ab1c86f64ad9d74602f9 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Mon, 6 Jul 2020 20:01:10 +0200 Subject: Fix a warning in the documentation --- doc/source/papers.rst | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'doc/source') diff --git a/doc/source/papers.rst b/doc/source/papers.rst index f5cb15e..fd0458c 100644 --- a/doc/source/papers.rst +++ b/doc/source/papers.rst 
@@ -78,8 +78,7 @@ Articles """" - `Snuffleupagus, un excelente módulo para bloquear vulnerabilidades en aplicaciones PHP `__ (es) - linuxadictos.com -- `Выпуск Snuffleupagus 0.5.1, модуля для блокирования уязвимостей в PHP-приложениях - `__ (ru) - rebeltech.ru +- `Выпуск Snuffleupagus 0.5.1, модуля для блокирования уязвимостей в PHP-приложениях `__ (ru) - rebeltech.ru - `Snuffleupagus versus recent high-profile vulnerabilities, again! `__ - dustri.org -- cgit v1.3 From cf556c7c16728c36dcb1f18b9caf58029c20918a Mon Sep 17 00:00:00 2001 From: jvoisin Date: Tue, 27 Oct 2020 15:17:18 +0100 Subject: Fix some download links --- doc/source/download.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'doc/source') diff --git a/doc/source/download.rst b/doc/source/download.rst index fd61099..1250b0e 100644 --- a/doc/source/download.rst +++ b/doc/source/download.rst @@ -10,8 +10,8 @@ so you can build a package yourself. Alpine Linux ------------ -We're providing a `APKBUILD `__, -so you can build a package yourself. +We're maintaining the `package in Alpine `__: +you can simply ``apk add`` it. Debian and Ubuntu ----------------- @@ -23,14 +23,14 @@ or build your own package by cloning the source code and typing ``make debian``. Fedora ------ -Thanks to [Rémo Collet](https://twitter.com/RemiCollet), Snuffleupagus is -[packaged](https://pkgs.org/download/php-snuffleupagus) in Fedora! +Thanks to `Rémo Collet `__, Snuffleupagus is +`packaged `__ in Fedora! FreeBSD ------- -Thanks to [Franco Fichtner](https://twitter.com/fitchitis), Snuffleupagus is -[packaged](https://www.freshports.org/security/snuffleupagus/) in FreeBSD! +Thanks to `Franco Fichtner `__, Snuffleupagus is +`packaged `__ in FreeBSD! Source code ----------- -- cgit v1.3 From 3944b6178c36979e21409858c4186469d9c2e3ea Mon Sep 17 00:00:00 2001 
From: jvoisin Date: Tue, 27 Oct 2020 15:17:40 +0100 Subject: Fix some slides links --- doc/source/papers.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'doc/source') diff --git a/doc/source/papers.rst b/doc/source/papers.rst index fd0458c..7b134b2 100644 --- a/doc/source/papers.rst +++ b/doc/source/papers.rst @@ -9,15 +9,15 @@ Talks 2017 """" -- `BerlinSide0x08 `_ - `slides `__ -- `Hack.lu 2017 `_ - `slides `__ - `video `__ -- `BlackAlps `_ - `slides `__ - `video `__ +- `BerlinSide0x08 `_ - `slides `__ +- `Hack.lu 2017 `_ - `slides `__ - `video `__ +- `BlackAlps `_ - `slides `__ - `video `__ 2018 """" -- `Pass the Salt `_ - `slides `__ - `video `__ -- `44con `__ - `slides `__ +- `Pass the Salt `_ - `slides `__ - `video `__ +- `44con `__ - `slides `__ 2020 """" -- cgit v1.3 From 630ab2f9e451835bf6d343438ca781892e95d9e3 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Fri, 6 Nov 2020 17:41:59 +0100 Subject: Bump the changelog --- debian/changelog | 24 +++++++++++++---- doc/source/changelog.rst | 69 ++++++++++++++++++++++++++++++------------------ src/php_snuffleupagus.h | 4 +-- 3 files changed, 64 insertions(+), 33 deletions(-) (limited to 'doc/source') diff --git a/debian/changelog b/debian/changelog index fc9e0b0..3177034 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,18 @@ +snuffleupagus (0.6.0) UNRELEASED; urgency=medium + + [ jvoisin ] + * More constification + * Snuffleupagus should now be able to get client's ip addresses in more cases + * Documented compatibility with Heroku + * Improved logging + * Added a couple of tests + + [ wargio ] + * allow empty configurations + + -- jvoisin Fri, 06 Nov 2020 17:45:00 +0200 + + snuffleupagus (0.5.1) UNRELEASED; urgency=medium [ jvoisin ] @@ -11,7 +26,6 @@ snuffleupagus (0.5.1) UNRELEASED; urgency=medium -- jvoisin Sat, 20 Jun 2020 12:30:00 +0200 - snuffleupagus (0.5.0) UNRELEASED; urgency=medium [ kkadosh ] 
@@ -37,7 +51,7 @@ snuffleupagus (0.4.1) UNRELEASED; urgency=medium * Improve and clarify the documentation * Add support for PHP7.3 * Improve the coverage, we have now reached 99% of coverage - * Improve the `mb_string` hooking logic + * Improve the `mb_string` hooking logic * The script that check uploaded file is now available in PHP * Fix segfault on 32-bit for PHP7.3 * Fix segfault when using `sloppy_comparison` feature with array @@ -67,11 +81,11 @@ snuffleupagus (0.3.1) UNRELEASED; urgency=medium * Disable XXE and harden PRNG by default * Use SameSite on PHP's session cookie in the default rules - * Relax a bit what files can be included in the default rules + * Relax a bit what files can be included in the default rules * Add the possibility to ignore files hashes when generating rules - * The filename filter is now accepting phar paths + * The filename filter is now accepting phar paths * The harden rand_feature is not ignoring parameters anymore in function calls - * Fix possible crashes/hangs when using php-fpm's pools + * Fix possible crashes/hangs when using php-fpm's pools * Fix an infinite loop on echo hook * Fix an issue with filename filter * Fix some documentation issues diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst index a72b737..b4b87b8 100644 --- a/doc/source/changelog.rst +++ b/doc/source/changelog.rst 
@@ -1,8 +1,25 @@ Changelog ========= -0.5.1 - `Order of the Elephant `__ 2020/06/20 --------------------------------------------------------------------------------------------------------------- +0.6.0 - `Elephant in the room `__ 2020/11/06 +---------------------------------------------------------------------------------------------------------- + +New features +^^^^^^^^^^^^ +* Allow empty configurations + +Improvements +^^^^^^^^^^^^ + +* More constification +* Snuffleupagus should now be able to get client's ip addresses in more cases +* Documented compatibility with Heroku +* Improved logging +* Added a couple of tests + + +0.5.1 - `Order of the Elephant `__ 2020/06/20 +----------------------------------------------------------------------------------------------------------- New features ^^^^^^^^^^^^ @@ -19,8 +36,8 @@ Improvements * Improve the gitlab CI -0.5.0 - `Elephant Flats `__ 2019/06/12 --------------------------------------------------------------------------------------------------------------- +0.5.0 - `Elephant Flats `__ 2019/06/12 +---------------------------------------------------------------------------------------------------- Improvements ^^^^^^^^^^^^ @@ -45,8 +62,8 @@ Bug fixes -0.4.1 - `Loxodonta `__ 2018/12/21 --------------------------------------------------------------------------------------------------------------- +0.4.1 - `Loxodonta `__ 2018/12/21 +----------------------------------------------------------------------------------------------- Improvements ^^^^^^^^^^^^ @@ -66,8 +83,8 @@ Bug fixes -0.4.0 - `Oliphant Chuckerbutty `__ 2018/08/31 --------------------------------------------------------------------------------------------------------------- +0.4.0 - `Oliphant Chuckerbutty `__ 2018/08/31 +----------------------------------------------------------------------------------------------------------- New features ^^^^^^^^^^^^ 
@@ -105,8 +122,8 @@ Bug fixes -0.3.1 - `Elephant Arch `__ 2018/08/20 ------------------------------------------------------------------------------------------------------- +0.3.1 - `Elephant Arch `__ 2018/08/20 +--------------------------------------------------------------------------------------------------- Improvements ^^^^^^^^^^^^ @@ -128,21 +145,21 @@ Bug fixes - Fix the Arch Linux's PKGBUILD -0.3.0 - `Dentalium elephantinum `__ 2018/07/17 ---------------------------------------------------------------------------------------------------------------- +0.3.0 - `Dentalium elephantinum `__ 2018/07/17 +------------------------------------------------------------------------------------------------------------ New features ^^^^^^^^^^^^ -- Session cookies can now be `encrypted `__ -- Some occurrences of `type juggling `__ can now be eradicated -- It's `now possible `__ to hook `echo` and `print` +- Session cookies can now be `encrypted `__ +- Some occurrences of `type juggling `__ can now be eradicated +- It's `now possible `__ to hook `echo` and `print` Improvements ^^^^^^^^^^^^ -- The `.filename()` filter is `now matching `__ on the file where the function is called instead on the one where it's defined. -- Vastly `optimize `__ the way we hook native functions +- The `.filename()` filter is `now matching `__ on the file where the function is called instead on the one where it's defined. +- Vastly `optimize `__ the way we hook native functions - The format of the logs has been streamlined to ease their processing 
@@ -151,11 +168,11 @@ Bug fixes - Better handling of filters for built-in functions - Fix various possible integer overflows -- Fix an `annoying memory leak `__ impacting mostly `mod_php` +- Fix an `annoying memory leak `__ impacting mostly `mod_php` -0.2.2 - `Elephant Moraine `__ 2018/04/12 ---------------------------------------------------------------------------------------------------------- +0.2.2 - `Elephant Moraine `__ 2018/04/12 +------------------------------------------------------------------------------------------------------ New features ^^^^^^^^^^^^ @@ -177,8 +194,8 @@ Bug fixes - Fix a crash related to variadic functions -0.2.1 - `Elephant Point `__ 2018/02/07 -------------------------------------------------------------------------------------------------------- +0.2.1 - `Elephant Point `__ 2018/02/07 +---------------------------------------------------------------------------------------------------- Bug fixes ^^^^^^^^^ @@ -194,8 +211,8 @@ Improvements - Improve a bit the portability of the code - Minor code simplification -0.2.0 - `Elephant Rally `__ - 2018/01/18 ---------------------------------------------------------------------------------------------------------- +0.2.0 - `Elephant Rally `__ - 2018/01/18 +------------------------------------------------------------------------------------------------------ New features ^^^^^^^^^^^^ @@ -226,7 +243,7 @@ External contributions - Simplification and clean up of our linked-list implementation by `smagnin `__ -0.1.0 - `Mighty Mammoth `__ - 2017/12/21 ---------------------------------------------------------------------------------------------------------- +0.1.0 - `Mighty Mammoth `__ - 2017/12/21 +------------------------------------------------------------------------------------------------------ - Initial release diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 6b0e210..213e27e 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h 
@@ -1,9 +1,9 @@ #ifndef PHP_SNUFFLEUPAGUS_H #define PHP_SNUFFLEUPAGUS_H -#define PHP_SNUFFLEUPAGUS_VERSION "0.5.1" +#define PHP_SNUFFLEUPAGUS_VERSION "0.6.0" #define PHP_SNUFFLEUPAGUS_EXTNAME "snuffleupagus" -#define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System" +#define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System & Julien (jvoisin) Voisin" #define PHP_SNUFFLEUPAGUS_URL "https://github.com/jvoisin/snuffleupagus" #define PHP_SNUFFLEUPAGUS_COPYRIGHT "LGPLv2" -- cgit v1.3 From a1018f6c04982f850a9b78e1d1d2940211578b93 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Fri, 6 Nov 2020 17:43:40 +0100 Subject: We're not in beta anymore --- doc/source/conf.py | 2 +- doc/source/faq.rst | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'doc/source') diff --git a/doc/source/conf.py b/doc/source/conf.py index 6680e9a..a150403 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -57,7 +57,7 @@ author = u'Sebastien Blot & Julien Voisin' # The short X.Y version. version = u'0.1' # The full version, including alpha/beta/rc tags. -release = u'beta' +release = u'stable' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/doc/source/faq.rst b/doc/source/faq.rst index 3c09409..be2c756 100644 --- a/doc/source/faq.rst +++ b/doc/source/faq.rst @@ -107,8 +107,8 @@ How mature is this project? """"""""""""""""""""""""""" This project has been floating around since early 2016 and we did the first commit -the 28ᵗʰ of December of the same year. We're currently in an beta phase, -finding and fixing as many bugs as possible before declaring it stable. +the 28ᵗʰ of December of the same year. It's currently stable, +and is usable and used in production. Are you saying that PHP isn't secure? """"""""""""""""""""""""""""""""""""" -- cgit v1.3 From aad2071f332b2847d565f33269581efdd03a679a Mon Sep 17 00:00:00 2001 
From: jvoisin Date: Thu, 12 Nov 2020 20:07:49 +0100 Subject: Add a mention to the doc's propaganda page --- doc/source/papers.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'doc/source') diff --git a/doc/source/papers.rst b/doc/source/papers.rst index 7b134b2..de85344 100644 --- a/doc/source/papers.rst +++ b/doc/source/papers.rst @@ -46,6 +46,11 @@ Mentions - `Habr - PHP-Дайджест № 160 `__ (ru) - Habr +2020 +"""" + +- `Modern PHP Security Part 2: Breaching and hardening the PHP engine `__ - Detectify's blog + Articles -------- -- cgit v1.3 From 29f8b9cb660f183c976f55604194bae84dd17108 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Thu, 12 Nov 2020 20:44:11 +0100 Subject: Document how to install snuffleupagus on cloudlinux --- doc/source/download.rst | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'doc/source') diff --git a/doc/source/download.rst b/doc/source/download.rst index 1250b0e..22f54bb 100644 --- a/doc/source/download.rst +++ b/doc/source/download.rst @@ -13,6 +13,13 @@ Alpine Linux We're maintaining the `package in Alpine `__: you can simply ``apk add`` it. +CloudLinux +---------- + +Snuffleupagus is packaged there `since 2019 `__ (ru) - Habr - `Intrinsec's blog - Hack.lu 2017 `__ (fr) - Intrinsec's blog -- `Paragon Initiative Enterprises Blog - The 2018 Guide to Building Secure PHP Software `__ - 2017-12-12 +- `Paragon Initiative Enterprises Blog - The 2018 Guide to Building Secure PHP Software `__ 2018 """" - `Habr - PHP-Дайджест № 138 `__ (ru) - Habr - `PhpStorm's blog - PHP Annotated Monthly `__ - PhpStorm's blog +- `PHP Weekly `__ 2019 """" -- cgit v1.3 From 7767fb3605cdc530cc6b45ada2efaa2eb1f53a22 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Tue, 24 Nov 2020 18:56:30 +0100 Subject: Document that Snuffleupagus is available in Archlinux --- doc/source/download.rst | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'doc/source') 
diff --git a/doc/source/download.rst b/doc/source/download.rst index 22f54bb..9cfc6ee 100644 --- a/doc/source/download.rst +++ b/doc/source/download.rst @@ -4,8 +4,12 @@ Download Arch Linux ---------- -We're providing a `PKGBUILD `__, -so you can build a package yourself. +Thanks to `kpcyrd `__, Snuffleupagus is +`available `__ +in Archlinux' community repository. + +We're also providing a `PKGBUILD `__ +if you want to build the package yourself. Alpine Linux ------------ @@ -16,7 +20,7 @@ you can simply ``apk add`` it. CloudLinux ---------- -Snuffleupagus is packaged there `since 2019 `__: you can ``yum install alt-php*-snuffleupagus`` it. -- cgit v1.3 From 83b631a183c1df4233438459cb3386b715e4f2b3 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sun, 29 Nov 2020 17:16:42 +0100 Subject: Document the `>` operator --- doc/source/config.rst | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'doc/source') diff --git a/doc/source/config.rst b/doc/source/config.rst index 91e085c..dd30723 100644 --- a/doc/source/config.rst +++ b/doc/source/config.rst @@ -327,7 +327,10 @@ The ``function`` filter is able to do various dereferencing: - ``function("AwesomeClass::my_method")`` will match the method ``my_method`` in the class ``AwesomeClass`` - ``function("AwesomeNamespace\\my_function")`` will match the function ``my_function`` in the namespace ``AwesomeNamespace`` -The ``param`` filter is also able to do some dereferencing: +It's also able to have calltrace constrains: ``function(func1>func2)`` will +match only if ``func2`` is called **inside** of ``func1``. + +The ``param`` filter is able to do some dereferencing as well: - ``param($foo[bar])`` will get a match on the value corresponding to the ``bar`` key in the hashtable ``foo``. Remember that in PHP, almost every data structure is a hashtable. You can of course nest this like -- cgit v1.3 From 5be9082f148ab546a0317a28ef5267bb797feb53 Mon Sep 17 00:00:00 2001 
From: jvoisin Date: Sun, 29 Nov 2020 19:37:49 +0100 Subject: Make the `>` operator skip over functions --- doc/source/config.rst | 3 ++- src/sp_disabled_functions.c | 8 +++--- .../config_disabled_functions_chain_call_skip.ini | 1 + .../disabled_functions_chain_call_skip.phpt | 29 ++++++++++++++++++++++ 4 files changed, 35 insertions(+), 6 deletions(-) create mode 100644 src/tests/disable_function/config/config_disabled_functions_chain_call_skip.ini create mode 100644 src/tests/disable_function/disabled_functions_chain_call_skip.phpt (limited to 'doc/source') diff --git a/doc/source/config.rst b/doc/source/config.rst index dd30723..258b1ab 100644 --- a/doc/source/config.rst +++ b/doc/source/config.rst @@ -328,7 +328,8 @@ The ``function`` filter is able to do various dereferencing: - ``function("AwesomeNamespace\\my_function")`` will match the function ``my_function`` in the namespace ``AwesomeNamespace`` It's also able to have calltrace constrains: ``function(func1>func2)`` will -match only if ``func2`` is called **inside** of ``func1``. +match only if ``func2`` is called **inside** of ``func1``. Do note that their +might be other functions called between them. The ``param`` filter is able to do some dereferencing as well: diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index 7be1c34..7e6ca6a 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -40,7 +40,7 @@ static bool is_functions_list_matching(zend_execute_data* execute_data, sp_list_node* functions_list) { zend_execute_data *orig_execute_data, *current; orig_execute_data = current = execute_data; - sp_list_node* it = functions_list; + sp_list_node const * it = functions_list; while (current) { if (it == NULL) { // every function in the list matched, we've got a match! 
@@ -50,7 +50,7 @@ static bool is_functions_list_matching(zend_execute_data* execute_data, EG(current_execute_data) = current; - char* complete_path_function = get_complete_function_path(current); + char* const complete_path_function = get_complete_function_path(current); if (!complete_path_function) { break; } @@ -59,10 +59,8 @@ static bool is_functions_list_matching(zend_execute_data* execute_data, if (0 == match) { it = it->next; - current = current->prev_execute_data; - } else { - break; } + current = current->prev_execute_data; } EG(current_execute_data) = orig_execute_data; diff --git a/src/tests/disable_function/config/config_disabled_functions_chain_call_skip.ini b/src/tests/disable_function/config/config_disabled_functions_chain_call_skip.ini new file mode 100644 index 0000000..4d2f68d --- /dev/null +++ b/src/tests/disable_function/config/config_disabled_functions_chain_call_skip.ini @@ -0,0 +1 @@ +sp.disable_function.function("a>c").simulation().drop(); diff --git a/src/tests/disable_function/disabled_functions_chain_call_skip.phpt b/src/tests/disable_function/disabled_functions_chain_call_skip.phpt new file mode 100644 index 0000000..9ff84b9 --- /dev/null +++ b/src/tests/disable_function/disabled_functions_chain_call_skip.phpt @@ -0,0 +1,29 @@ +--TEST-- +Disable functions by matching the calltrace, with a superfluous function in between +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/config_disabled_functions_chain_call_skip.ini +--FILE-- + +--EXPECTF-- +I'm in the `a` function! +I'm in the `b` function! + +Warning: [snuffleupagus][0.0.0.0][disabled_function][simulation] Aborted execution on call of the function 'a>c' in %s/tests/disable_function/disabled_functions_chain_call_skip.php on line 12 +I'm in the `c` function! -- cgit v1.3 From 72d52e5b6933b44ab9f01bc22e3d264626716cd4 Mon Sep 17 00:00:00 2001 
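Review bot: The `if (!complete_path_function) { break; }` exit in `is_functions_list_matching` now also fires on frames that are only being skipped over, so a `func1>func2` rule stops matching as soon as any intermediate frame has no resolvable path, and the rule silently does not apply. Before this change a non-matching frame ended the walk anyway, so the `break` made no difference; whether `get_complete_function_path` can return NULL for an intermediate frame is not visible in these hunks and should be checked. If it can, skip that frame instead: `if (!complete_path_function) { current = current->prev_execute_data; continue; }`. The `it == NULL` test also sits only at the top of the loop, so a chain whose last entry matches on the outermost frame appears to fall out of the `while` unmatched. The function starts and ends outside these hunks, so confirm both points against the full body.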
From: jvoisin Date: Mon, 28 Dec 2020 19:08:48 +0100 Subject: Add a link to the propaganda page --- doc/source/papers.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'doc/source') diff --git a/doc/source/papers.rst b/doc/source/papers.rst index df5e6b0..807bdf7 100644 --- a/doc/source/papers.rst +++ b/doc/source/papers.rst @@ -84,8 +84,9 @@ Articles """" - `Snuffleupagus, un excelente módulo para bloquear vulnerabilidades en aplicaciones PHP `__ (es) - linuxadictos.com -- `Выпуск Snuffleupagus 0.5.1, модуля для блокирования уязвимостей в PHP-приложениях `__ (ru) - rebeltech.ru +- `Выпуск Snuffleupagus 0.5.1, модуля для блокирования уязвимостей в PHP-приложениях `__ (ru) - opennet.ru - `Snuffleupagus versus recent high-profile vulnerabilities, again! `__ - dustri.org +- `Snuffleupagus, módulo para bloquear vulnerabilidades en aplicaciones PHP `__ - (es) - underc0de.org Papers -- cgit v1.3 From 7ae8050c4da5e6593458efa91c9b474681ba7d24 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Thu, 31 Dec 2020 17:56:14 +0100 Subject: Linkify a bit the faq --- doc/source/faq.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc/source') diff --git a/doc/source/faq.rst b/doc/source/faq.rst index be2c756..ff0aa09 100644 --- a/doc/source/faq.rst +++ b/doc/source/faq.rst @@ -39,14 +39,14 @@ we thought that using an elephant as a mascot would be a great idea. Who are you and why did you write Snuffleupagus? """""""""""""""""""""""""""""""""""""""""""""""" -We're working for `NBS System `__, +The project started at `NBS System `__, a web hosting company (meaning that we're dealing with PHP code all day long), with a strong focus on security. We do have several layers of hardening (`kernel `_, `WAF `_, `IDS `_, etc), but we had nothing for PHP7. -Nowadays, Snuffleupagus is maintained by Julien (jvoisin) Voisin. +Nowadays, Snuffleupagus is maintained by Julien (`jvoisin `__) Voisin. Why not Suhosin? -- cgit v1.3 
From 95172eec6b7b591da84e826a14ca374b6f09e673 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Thu, 31 Dec 2020 17:57:26 +0100 Subject: PHP7 is deprecated, consider it as such in the doc --- doc/source/faq.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc/source') diff --git a/doc/source/faq.rst b/doc/source/faq.rst index ff0aa09..bdfc7c1 100644 --- a/doc/source/faq.rst +++ b/doc/source/faq.rst @@ -187,8 +187,8 @@ Will Snuffleupagus run on my old PHP 5? """"""""""""""""""""""""""""""""""""""" No. -Since PHP5 `will be deprecated at the end of 2018 `_, -you should think about moving to PHP7 anyway. You can (and should) use +Since PHP5 `is deprecated since the end of 2018 `_, +you should think about moving to PHP7. You can (and should) use `Suhosin `_ in the meantime. Help and support -- cgit v1.3 From 07833c5f250e778afc1a7ae17f6e37ffbc10b538 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Thu, 31 Dec 2020 18:56:14 +0100 Subject: Refresh a bit the CVE in the documentation --- doc/source/features.rst | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) (limited to 'doc/source') diff --git a/doc/source/features.rst b/doc/source/features.rst index 0c23dc1..b3cdd9d 100644 --- a/doc/source/features.rst +++ b/doc/source/features.rst 
@@ -30,10 +30,13 @@ This feature is even more effective when used along with :ref:`readonly_exec `_: Authenticated remote code execution on Tuleap -- `CVE-2014-4688 `_: Authenticated remote code execution on pfSense -- `CVE-2014-1610 `_: Unauthenticated remote code execution on DokuWiki -- `CVE-2013-3630 `_: Authenticated remote code execution on Moodle +- `CVE-2013-3630 `__: Authenticated remote code execution in Moodle +- `CVE-2014-1610 `__: Unauthenticated remote code execution in DokuWiki +- `CVE-2014-4688 `__: Authenticated remote code execution in pfSense +- `CVE-2017-7981 `__: Authenticated remote code execution in Tuleap +- `CVE-2018-20434 `__: Authenticated remote code execution in LibreNMS +- `CVE-2020-5791 `__: Authenticated remote code execution in Nagios XI +- `CVE-2020-8813 `__: Unauthenticated remote code execution in Cacti - Every single `modem/router/switch/IoT/… `_. @@ -62,6 +65,7 @@ Examples of related vulnerabilities - `CVE-2016-10074 `_: remote code execution in SwiftMailer - `CVE-2016-10033 `_: remote code execution in PHPMailer - `CVE-2016-9920 `_: Unauthenticated remote code execution in Roundcube +- `CVE-2019-???? `__: Unauthenticated remote code execution in Horde .. _cookie-encryption-feature: @@ -115,6 +119,9 @@ Examples of related vulnerabilities - `CVE-2017-6090 `_: Unauthenticated remote code execution in PhpCollab - `EDB-38407 `_: Authenticated remote code execution in GLPI - `CVE-2013-5576 `_: Authenticated remote code execution in Joomla +- `CVE-2019-15813 `__: Authenticated remote code execution in Sentrifugo +- `CVE-2019-17132 `__: Authenticated remote code execution in vBulletin +- `CVE-2020-10682 `__: Authenticated remote code execution in CMS Made Simple - `EDB-19154 `_: Authenticated remote code execution in qdPM 
@@ -161,14 +168,17 @@ and the amount of control if provides to an attacker, like `CVE-2016-9137, CVE-2 Examples of related vulnerabilities """"""""""""""""""""""""""""""""""" -- `CVE-2016-???? `_: Unauthenticated remote code execution in Observium (leading to remote root) -- `CVE-2016-5726 `_: Unauthenticated remote code execution in Simple Machines Forums +- `CVE-2012-5692 `_: Unauthenticated remote code execution in IP.Board +- `CVE-2014-1691 `_: Unauthenticated remote code execution in Horde +- `CVE-2015-7808 `_: Unauthenticated remote code execution in vBulletin +- `CVE-2015-8562 `_: Unauthenticated remote code execution in Joomla - `CVE-2016-4010 `_: Unauthenticated remote code execution in Magento +- `CVE-2016-5726 `_: Unauthenticated remote code execution in Simple Machines Forums +- `CVE-2016-???? `_: Unauthenticated remote code execution in Observium (leading to remote root) - `CVE-2017-2641 `_: Unauthenticated remote code execution in Moodle -- `CVE-2015-8562 `_: Unauthenticated remote code execution in Joomla -- `CVE-2015-7808 `_: Unauthenticated remote code execution in vBulletin -- `CVE-2014-1691 `_: Unauthenticated remote code execution in Horde -- `CVE-2012-5692 `_: Unauthenticated remote code execution in IP.Board +- `CVE-2018-17057 `: Unauthenticated remote code execution in LimeSurvey +- `CVE-2018-19274 `__: Authenticated remote code execution in phpBB +- `CVE-2019-6340 `__: Unauthenticated remote code execution in Drupal .. _harden-rand-feature: -- cgit v1.3 From 4fc38589cd029bf5b980b118d89f9cc870fd7828 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Thu, 31 Dec 2020 19:03:10 +0100 Subject: Mention PHP8's security features --- doc/source/features.rst | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'doc/source') diff --git a/doc/source/features.rst b/doc/source/features.rst index b3cdd9d..2eebc88 100644 --- a/doc/source/features.rst +++ b/doc/source/features.rst 
@@ -161,8 +161,10 @@ without the need to invalidate any data. A nice side-effect of this feature is that it will defeat various memory corruption issues related to the complexity of ``unserialize``'s implementation, -and the amount of control if provides to an attacker, like `CVE-2016-9137, CVE-2016-9138 `_, -`2016-7124 `_, `CVE-2016-5771 and CVE-2016-5773 `_. +and the amount of control if provides to an attacker, like `CVE-2016-9137, +CVE-2016-9138 `_, `2016-7124 +`_, `CVE-2016-5771 and CVE-2016-5773 +`_. Examples of related vulnerabilities @@ -327,6 +329,8 @@ and various other types mismatch. This feature is largely inspired from the `autostrict `_ module from `krakjoe `__. +PHP8 already has [this feature](https://wiki.php.net/rfc/consistent_type_errors) for internal functions. + .. _sloppy-comparisons-feature: @@ -349,6 +353,9 @@ but also the `in_array `__ and `array_keys `__ functions. +PHP8 is implementing [a subset](https://wiki.php.net/rfc/consistent_type_errors) of this feature. + + .. _readonly-exec-feature: Preventing execution of writable PHP files -- cgit v1.3 From 2269a64291cf670f60db3d5d90f67b209cc96f15 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Thu, 31 Dec 2020 19:32:21 +0100 Subject: Add an article to our propaganda page --- doc/source/papers.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'doc/source') diff --git a/doc/source/papers.rst b/doc/source/papers.rst index 807bdf7..00ccb3d 100644 --- a/doc/source/papers.rst +++ b/doc/source/papers.rst @@ -39,6 +39,9 @@ Mentions - `Habr - PHP-Дайджест № 138 `__ (ru) - Habr - `PhpStorm's blog - PHP Annotated Monthly `__ - PhpStorm's blog - `PHP Weekly `__ +- `New variant in wp-gdpr-compliance vulnerability and fixing it with virtual + patching `__ + - alertot 2019 """" -- cgit v1.3 From 047b2d08a5d01c2c8654f16fb97bb99d0b25052b Mon Sep 17 00:00:00 2001 
From: jvoisin Date: Sat, 2 Jan 2021 19:22:07 +0100 Subject: Bump the changelog --- debian/changelog | 10 +++++++++- doc/source/changelog.rst | 21 +++++++++++++++++++++ src/php_snuffleupagus.h | 2 +- 3 files changed, 31 insertions(+), 2 deletions(-) (limited to 'doc/source') diff --git a/debian/changelog b/debian/changelog index 3177034..d0ab5e0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +snuffleupagus (0.7.0) UNRELEASED; urgency=medium + [ jvoisin ] + * PHP8 support + * Stacktraces in dumps + * The `>` operator skips over functions + * PCRE2 is used when possible + * The `generate_rules.php` script is now more portable + * The strict mode is now disableable + snuffleupagus (0.6.0) UNRELEASED; urgency=medium [ jvoisin ] @@ -12,7 +21,6 @@ snuffleupagus (0.6.0) UNRELEASED; urgency=medium -- jvoisin Fri, 06 Nov 2020 17:45:00 +0200 - snuffleupagus (0.5.1) UNRELEASED; urgency=medium [ jvoisin ] diff --git a/doc/source/changelog.rst b/doc/source/changelog.rst index b4b87b8..307c92c 100644 --- a/doc/source/changelog.rst +++ b/doc/source/changelog.rst @@ -1,6 +1,27 @@ Changelog ========= +0.7.0 - `Los Elefantes `__ 2021/01/02 +---------------------------------------------------------------------------------------------------------- + +New features +^^^^^^^^^^^^ +* PHP8 support +* Stacktraces in dumps +* The ``>`` operator now skips over functions + +Improvements +^^^^^^^^^^^^ +* Move the CI from travis to gitlab-ci +* Some code simplifications and constifications +* PCRE2 is now used when possible +* The ``generate_rules.php`` script is now more portable + +Bug fixes +^^^^^^^^^ +* The strict mode is now disableable + + 0.6.0 - `Elephant in the room `__ 2020/11/06 ---------------------------------------------------------------------------------------------------------- diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 02b464e..dc0a471 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h 
@@ -1,7 +1,7 @@ #ifndef PHP_SNUFFLEUPAGUS_H #define PHP_SNUFFLEUPAGUS_H -#define PHP_SNUFFLEUPAGUS_VERSION "0.6.0" +#define PHP_SNUFFLEUPAGUS_VERSION "0.7.0" #define PHP_SNUFFLEUPAGUS_EXTNAME "snuffleupagus" #define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System & Julien (jvoisin) Voisin" #define PHP_SNUFFLEUPAGUS_URL "https://github.com/jvoisin/snuffleupagus" -- cgit v1.3 From e334be58b9baef8c050925e74fc96b3911c5ea51 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sun, 3 Jan 2021 13:10:00 +0100 Subject: Mention in the documentation that SP now supports PHP8+ as well --- doc/source/index.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'doc/source') diff --git a/doc/source/index.rst b/doc/source/index.rst index 955cebb..443abf6 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -1,7 +1,8 @@ Snuffleupagus ============= -Snuffleupagus is a `PHP7+ `_ +Snuffleupagus is a `PHP7+ `__ and +`PHP8+ `__ module designed to drastically raise the cost of attacks against websites. This is achieved by killing entire bug classes and providing a powerful virtual-patching system, allowing the administrator to fix specific vulnerabilities without having to touch the PHP code. -- cgit v1.3 From ffbe4007d0d4a1b042e2ee5f0bd952927a5504bb Mon Sep 17 00:00:00 2001 From: jvoisin Date: Wed, 6 Jan 2021 11:09:13 +0100 Subject: Add an article to the propaganda page --- doc/source/papers.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'doc/source') diff --git a/doc/source/papers.rst b/doc/source/papers.rst index 00ccb3d..deab9cb 100644 --- a/doc/source/papers.rst +++ b/doc/source/papers.rst @@ -91,6 +91,11 @@ Articles - `Snuffleupagus versus recent high-profile vulnerabilities, again! `__ - dustri.org - `Snuffleupagus, módulo para bloquear vulnerabilidades en aplicaciones PHP `__ - (es) - underc0de.org +2021 +"""" + +- `Sortie de Snuffleupagus 0.7.0 - Los Elefantes `__ (fr) - linuxfr + Papers ------ -- cgit v1.3 
From 484bb5613be54cc37d7b2136eca9e2f4e3eb6f1a Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sat, 23 Jan 2021 18:14:02 +0100 Subject: Add an article to the propaganda section --- doc/source/papers.rst | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'doc/source') diff --git a/doc/source/papers.rst b/doc/source/papers.rst index deab9cb..3cdb909 100644 --- a/doc/source/papers.rst +++ b/doc/source/papers.rst @@ -55,6 +55,12 @@ Mentions - `Modern PHP Security Part 2: Breaching and hardening the PHP engine `__ - Detectify's blog +2021 +"""" + +- `Habr - PHP Дайджест № 196 `__ (ru) - Habr + + Articles -------- -- cgit v1.3 From cecfdd808da67be908dbe7144cc8c74dfb3f855e Mon Sep 17 00:00:00 2001 From: jvoisin Date: Mon, 15 Feb 2021 13:46:03 +0100 Subject: Add a link to Debian's bug for packaging Snuffleupagus --- doc/source/download.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'doc/source') diff --git a/doc/source/download.rst b/doc/source/download.rst index 9cfc6ee..a41af12 100644 --- a/doc/source/download.rst +++ b/doc/source/download.rst @@ -31,6 +31,9 @@ We're currently not providing a Debian/Ubuntu repository, but you can grab the latest release on `github `__, or build your own package by cloning the source code and typing ``make debian``. +There is a `bug open `__ +Debian-side to track the inclusion. + Fedora ------ -- cgit v1.3