aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorJochen Neumeister <joneum@FreeBSD.org>2017-12-24 21:11:41 +0800
committerJochen Neumeister <joneum@FreeBSD.org>2017-12-24 21:11:41 +0800
commite3f0c0346664f0dc03d861169921e633a550d318 (patch)
treee1f6adcca6a88b4d13893b9f6e399f5888a0a4f4 /security
parentff2bee6b2a28d6c4dd1bc281398f258e392a5fa2 (diff)
downloadfreebsd-ports-gnome-e3f0c0346664f0dc03d861169921e633a550d318.tar.gz
freebsd-ports-gnome-e3f0c0346664f0dc03d861169921e633a550d318.tar.zst
freebsd-ports-gnome-e3f0c0346664f0dc03d861169921e633a550d318.zip
New port: security/snuffleupagus
Snuffleupagus is a PHP7+ module designed to drastically raise the cost of attacks against websites. This is achieved by killing entire bug classes and providing a powerful virtual-patching system, allowing the administrator to fix specific vulnerabilities without having to touch the PHP code. WWW: https://snuffleupagus.readthedocs.io/ PR: 224545 Submitted by: Franco Fichtner <franco@opnsense.org> (maintainer) Approved by: rene (mentor) Differential Revision: https://reviews.freebsd.org/D13606
Diffstat (limited to 'security')
-rw-r--r--security/Makefile1
-rw-r--r--security/snuffleupagus/Makefile28
-rw-r--r--security/snuffleupagus/distinfo3
-rw-r--r--security/snuffleupagus/files/patch-sp__network__utils.c18
-rw-r--r--security/snuffleupagus/pkg-descr7
5 files changed, 57 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 0d874258afa1..59cc1c4d41f7 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1174,6 +1174,7 @@
SUBDIR += snortreport
SUBDIR += snortsam
SUBDIR += snortsnarf
+ SUBDIR += snuffleupagus
SUBDIR += softether
SUBDIR += softether-devel
SUBDIR += softhsm
diff --git a/security/snuffleupagus/Makefile b/security/snuffleupagus/Makefile
new file mode 100644
index 000000000000..dc4748d36bd3
--- /dev/null
+++ b/security/snuffleupagus/Makefile
@@ -0,0 +1,28 @@
+# $FreeBSD$
+
+PORTNAME= snuffleupagus
+DISTVERSIONPREFIX=v
+DISTVERSION= 0.1.0
+CATEGORIES= security
+
+MAINTAINER= franco@opnsense.org
+COMMENT= Security module for PHP 7+
+
+LICENSE= LGPL3
+LICENSE_FILE= ${WRKSRC}/../LICENSE
+
+IGNORE_WITH_PHP=56
+
+LIB_DEPENDS= libpcre.so:devel/pcre
+
+WRKSRC_SUBDIR= src
+
+USES= localbase:ldflags php:ext
+USE_PHP= hash:build
+
+USE_GITHUB= yes
+GH_ACCOUNT= nbs-system
+
+CONFIGURE_ARGS= --enable-snuffleupagus
+
+.include <bsd.port.mk>
diff --git a/security/snuffleupagus/distinfo b/security/snuffleupagus/distinfo
new file mode 100644
index 000000000000..cfc74de7b7d6
--- /dev/null
+++ b/security/snuffleupagus/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1513844643
+SHA256 (nbs-system-snuffleupagus-v0.1.0_GH0.tar.gz) = 7b3432e46ecdd1eb78666ee03475bbc2e50b1bd4de71a8d5a03c7d90168a004a
+SIZE (nbs-system-snuffleupagus-v0.1.0_GH0.tar.gz) = 3898803
diff --git a/security/snuffleupagus/files/patch-sp__network__utils.c b/security/snuffleupagus/files/patch-sp__network__utils.c
new file mode 100644
index 000000000000..801a355db758
--- /dev/null
+++ b/security/snuffleupagus/files/patch-sp__network__utils.c
@@ -0,0 +1,18 @@
+--- sp_network_utils.c.orig 2017-12-21 22:34:33 UTC
++++ sp_network_utils.c
+@@ -23,15 +23,8 @@ static inline bool cidr4_match(const str
+
+ static inline bool cidr6_match(const struct in6_addr address,
+ const struct in6_addr network, uint8_t bits) {
+- //#ifdef LINUX
+- const uint32_t *a = address.s6_addr32;
+- const uint32_t *n = network.s6_addr32;
+- /*
+-#else
+ const uint32_t *a = address.__u6_addr.__u6_addr32;
+ const uint32_t *n = network.__u6_addr.__u6_addr32;
+-#endif
+-*/
+ int bits_whole = bits >> 5; // number of whole u32
+ int bits_incomplete = bits & 0x1F; // number of bits in incomplete u32
+ if (bits_whole) {
diff --git a/security/snuffleupagus/pkg-descr b/security/snuffleupagus/pkg-descr
new file mode 100644
index 000000000000..9cd8f5ff0e1f
--- /dev/null
+++ b/security/snuffleupagus/pkg-descr
@@ -0,0 +1,7 @@
+Snuffleupagus is a PHP7+ module designed to drastically raise the cost
+of attacks against websites. This is achieved by killing entire bug
+classes and providing a powerful virtual-patching system, allowing the
+administrator to fix specific vulnerabilities without having to touch
+the PHP code.
+
+WWW: https://snuffleupagus.readthedocs.io/
generated by cgit (git 2.34.1) at 2025-02-12 23:45:48 +0800