New port: security/snuffleupagus

Snuffleupagus is a PHP7+ module designed to drastically raise the cost of attacks against websites. This is achieved by killing entire bug classes and providing a powerful virtual-patching system, allowing the administrator to fix specific vulnerabilities without having to touch the PHP code. WWW: https://snuffleupagus.readthedocs.io/ PR: 224545 Submitted by: Franco Fichtner <franco@opnsense.org> (maintainer) Approved by: rene (mentor) Differential Revision: https://reviews.freebsd.org/D13606
svn path=/head/; revision=457156
2025-01-19 08:13:21 +00:00 · 2017-12-24 13:11:41 +00:00 · 2017-12-24 13:11:41 +00:00 · e3f0c03466 · 2021-03-31 03:12:20 +00:00
commit e3f0c03466
parent ff2bee6b2a
5 changed files with 57 additions and 0 deletions
--- a/security/Makefile
+++ b/security/Makefile
@ -1174,6 +1174,7 @@
    SUBDIR += snortreport
    SUBDIR += snortsam
    SUBDIR += snortsnarf
+    SUBDIR += snuffleupagus
    SUBDIR += softether
    SUBDIR += softether-devel
    SUBDIR += softhsm
--- a/security/snuffleupagus/Makefile
+++ b/security/snuffleupagus/Makefile
@ -0,0 +1,28 @@
+# $FreeBSD$
+
+PORTNAME=	snuffleupagus
+DISTVERSIONPREFIX=v
+DISTVERSION=	0.1.0
+CATEGORIES=	security
+
+MAINTAINER=	franco@opnsense.org
+COMMENT=	Security module for PHP 7+
+
+LICENSE=	LGPL3
+LICENSE_FILE=	${WRKSRC}/../LICENSE
+
+IGNORE_WITH_PHP=56
+
+LIB_DEPENDS=	libpcre.so:devel/pcre
+
+WRKSRC_SUBDIR=	src
+
+USES=		localbase:ldflags php:ext
+USE_PHP=	hash:build
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	nbs-system
+
+CONFIGURE_ARGS=	--enable-snuffleupagus
+
+.include <bsd.port.mk>
--- a/security/snuffleupagus/distinfo
+++ b/security/snuffleupagus/distinfo
@ -0,0 +1,3 @@
+TIMESTAMP = 1513844643
+SHA256 (nbs-system-snuffleupagus-v0.1.0_GH0.tar.gz) = 7b3432e46ecdd1eb78666ee03475bbc2e50b1bd4de71a8d5a03c7d90168a004a
+SIZE (nbs-system-snuffleupagus-v0.1.0_GH0.tar.gz) = 3898803
--- a/security/snuffleupagus/files/patch-spnetworkutils.c
+++ b/security/snuffleupagus/files/patch-spnetworkutils.c
@ -0,0 +1,18 @@
+--- sp_network_utils.c.orig	2017-12-21 22:34:33 UTC
+++ sp_network_utils.c
+@@ -23,15 +23,8 @@ static inline bool cidr4_match(const str
+ 
+ static inline bool cidr6_match(const struct in6_addr address,
+                                const struct in6_addr network, uint8_t bits) {
+-  //#ifdef LINUX
+-  const uint32_t *a = address.s6_addr32;
+-  const uint32_t *n = network.s6_addr32;
+-  /*
+-#else
+   const uint32_t *a = address.__u6_addr.__u6_addr32;
+   const uint32_t *n = network.__u6_addr.__u6_addr32;
+-#endif
+-*/
+   int bits_whole = bits >> 5;         // number of whole u32
+   int bits_incomplete = bits & 0x1F;  // number of bits in incomplete u32
+   if (bits_whole) {
--- a/security/snuffleupagus/pkg-descr
+++ b/security/snuffleupagus/pkg-descr
@ -0,0 +1,7 @@
+Snuffleupagus is a PHP7+ module designed to drastically raise the cost
+of attacks against websites.  This is achieved by killing entire bug
+classes and providing a powerful virtual-patching system, allowing the
+administrator to fix specific vulnerabilities without having to touch
+the PHP code.
+
+WWW: https://snuffleupagus.readthedocs.io/