svn commit: r457156 - in head/security: . snuffleupagus snuffleupagus/files
Jochen Neumeister
joneum at FreeBSD.org
Sun Dec 24 13:11:43 UTC 2017
Author: joneum
Date: Sun Dec 24 13:11:41 2017
New Revision: 457156
URL: https://svnweb.freebsd.org/changeset/ports/457156
Log:
New port: security/snuffleupagus
Snuffleupagus is a PHP7+ module designed to drastically raise the cost
of attacks against websites. This is achieved by killing entire bug
classes and providing a powerful virtual-patching system, allowing the
administrator to fix specific vulnerabilities without having to touch
the PHP code.
WWW: https://snuffleupagus.readthedocs.io/
PR: 224545
Submitted by: Franco Fichtner <franco at opnsense.org> (maintainer)
Approved by: rene (mentor)
Differential Revision: https://reviews.freebsd.org/D13606
Added:
head/security/snuffleupagus/
head/security/snuffleupagus/Makefile (contents, props changed)
head/security/snuffleupagus/distinfo (contents, props changed)
head/security/snuffleupagus/files/
head/security/snuffleupagus/files/patch-sp__network__utils.c (contents, props changed)
head/security/snuffleupagus/pkg-descr (contents, props changed)
Modified:
head/security/Makefile
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Sun Dec 24 13:01:36 2017 (r457155)
+++ head/security/Makefile Sun Dec 24 13:11:41 2017 (r457156)
@@ -1174,6 +1174,7 @@
SUBDIR += snortreport
SUBDIR += snortsam
SUBDIR += snortsnarf
+ SUBDIR += snuffleupagus
SUBDIR += softether
SUBDIR += softether-devel
SUBDIR += softhsm
Added: head/security/snuffleupagus/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/snuffleupagus/Makefile Sun Dec 24 13:11:41 2017 (r457156)
@@ -0,0 +1,28 @@
+# $FreeBSD$
+
+PORTNAME= snuffleupagus
+DISTVERSIONPREFIX=v
+DISTVERSION= 0.1.0
+CATEGORIES= security
+
+MAINTAINER= franco at opnsense.org
+COMMENT= Security module for PHP 7+
+
+LICENSE= LGPL3
+LICENSE_FILE= ${WRKSRC}/../LICENSE
+
+IGNORE_WITH_PHP=56
+
+LIB_DEPENDS= libpcre.so:devel/pcre
+
+WRKSRC_SUBDIR= src
+
+USES= localbase:ldflags php:ext
+USE_PHP= hash:build
+
+USE_GITHUB= yes
+GH_ACCOUNT= nbs-system
+
+CONFIGURE_ARGS= --enable-snuffleupagus
+
+.include <bsd.port.mk>
Added: head/security/snuffleupagus/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/snuffleupagus/distinfo Sun Dec 24 13:11:41 2017 (r457156)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1513844643
+SHA256 (nbs-system-snuffleupagus-v0.1.0_GH0.tar.gz) = 7b3432e46ecdd1eb78666ee03475bbc2e50b1bd4de71a8d5a03c7d90168a004a
+SIZE (nbs-system-snuffleupagus-v0.1.0_GH0.tar.gz) = 3898803
Added: head/security/snuffleupagus/files/patch-sp__network__utils.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/snuffleupagus/files/patch-sp__network__utils.c Sun Dec 24 13:11:41 2017 (r457156)
@@ -0,0 +1,18 @@
+--- sp_network_utils.c.orig 2017-12-21 22:34:33 UTC
++++ sp_network_utils.c
+@@ -23,15 +23,8 @@ static inline bool cidr4_match(const str
+
+ static inline bool cidr6_match(const struct in6_addr address,
+ const struct in6_addr network, uint8_t bits) {
+- //#ifdef LINUX
+- const uint32_t *a = address.s6_addr32;
+- const uint32_t *n = network.s6_addr32;
+- /*
+-#else
+ const uint32_t *a = address.__u6_addr.__u6_addr32;
+ const uint32_t *n = network.__u6_addr.__u6_addr32;
+-#endif
+-*/
+ int bits_whole = bits >> 5; // number of whole u32
+ int bits_incomplete = bits & 0x1F; // number of bits in incomplete u32
+ if (bits_whole) {
Added: head/security/snuffleupagus/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/snuffleupagus/pkg-descr Sun Dec 24 13:11:41 2017 (r457156)
@@ -0,0 +1,7 @@
+Snuffleupagus is a PHP7+ module designed to drastically raise the cost
+of attacks against websites. This is achieved by killing entire bug
+classes and providing a powerful virtual-patching system, allowing the
+administrator to fix specific vulnerabilities without having to touch
+the PHP code.
+
+WWW: https://snuffleupagus.readthedocs.io/
More information about the svn-ports-head
mailing list