From owner-svn-ports-head@freebsd.org Sun Dec 24 13:11:43 2017 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 93AADE8D6AA; Sun, 24 Dec 2017 13:11:43 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5558978E88; Sun, 24 Dec 2017 13:11:43 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id vBODBgU1084347; Sun, 24 Dec 2017 13:11:42 GMT (envelope-from joneum@FreeBSD.org) Received: (from joneum@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id vBODBgrA084341; Sun, 24 Dec 2017 13:11:42 GMT (envelope-from joneum@FreeBSD.org) Message-Id: <201712241311.vBODBgrA084341@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: joneum set sender to joneum@FreeBSD.org using -f From: Jochen Neumeister Date: Sun, 24 Dec 2017 13:11:42 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r457156 - in head/security: . snuffleupagus snuffleupagus/files X-SVN-Group: ports-head X-SVN-Commit-Author: joneum X-SVN-Commit-Paths: in head/security: . snuffleupagus snuffleupagus/files X-SVN-Commit-Revision: 457156 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Dec 2017 13:11:43 -0000 Author: joneum Date: Sun Dec 24 13:11:41 2017 New Revision: 457156 URL: https://svnweb.freebsd.org/changeset/ports/457156 Log: New port: security/snuffleupagus Snuffleupagus is a PHP7+ module designed to drastically raise the cost of attacks against websites. This is achieved by killing entire bug classes and providing a powerful virtual-patching system, allowing the administrator to fix specific vulnerabilities without having to touch the PHP code. WWW: https://snuffleupagus.readthedocs.io/ PR: 224545 Submitted by: Franco Fichtner (maintainer) Approved by: rene (mentor) Differential Revision: https://reviews.freebsd.org/D13606 Added: head/security/snuffleupagus/ head/security/snuffleupagus/Makefile (contents, props changed) head/security/snuffleupagus/distinfo (contents, props changed) head/security/snuffleupagus/files/ head/security/snuffleupagus/files/patch-sp__network__utils.c (contents, props changed) head/security/snuffleupagus/pkg-descr (contents, props changed) Modified: head/security/Makefile Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Sun Dec 24 13:01:36 2017 (r457155) +++ head/security/Makefile Sun Dec 24 13:11:41 2017 (r457156) @@ -1174,6 +1174,7 @@ SUBDIR += snortreport SUBDIR += snortsam SUBDIR += snortsnarf + SUBDIR += snuffleupagus SUBDIR += softether SUBDIR += softether-devel SUBDIR += softhsm Added: head/security/snuffleupagus/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/snuffleupagus/Makefile Sun Dec 24 13:11:41 2017 (r457156) @@ -0,0 +1,28 @@ +# $FreeBSD$ + +PORTNAME= snuffleupagus +DISTVERSIONPREFIX=v +DISTVERSION= 0.1.0 +CATEGORIES= security + +MAINTAINER= franco@opnsense.org +COMMENT= Security module for PHP 7+ + +LICENSE= LGPL3 +LICENSE_FILE= ${WRKSRC}/../LICENSE + +IGNORE_WITH_PHP=56 + +LIB_DEPENDS= libpcre.so:devel/pcre + +WRKSRC_SUBDIR= src + +USES= localbase:ldflags php:ext +USE_PHP= hash:build + +USE_GITHUB= yes +GH_ACCOUNT= nbs-system + +CONFIGURE_ARGS= --enable-snuffleupagus + +.include Added: head/security/snuffleupagus/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/snuffleupagus/distinfo Sun Dec 24 13:11:41 2017 (r457156) @@ -0,0 +1,3 @@ +TIMESTAMP = 1513844643 +SHA256 (nbs-system-snuffleupagus-v0.1.0_GH0.tar.gz) = 7b3432e46ecdd1eb78666ee03475bbc2e50b1bd4de71a8d5a03c7d90168a004a +SIZE (nbs-system-snuffleupagus-v0.1.0_GH0.tar.gz) = 3898803 Added: head/security/snuffleupagus/files/patch-sp__network__utils.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/snuffleupagus/files/patch-sp__network__utils.c Sun Dec 24 13:11:41 2017 (r457156) @@ -0,0 +1,18 @@ +--- sp_network_utils.c.orig 2017-12-21 22:34:33 UTC ++++ sp_network_utils.c +@@ -23,15 +23,8 @@ static inline bool cidr4_match(const str + + static inline bool cidr6_match(const struct in6_addr address, + const struct in6_addr network, uint8_t bits) { +- //#ifdef LINUX +- const uint32_t *a = address.s6_addr32; +- const uint32_t *n = network.s6_addr32; +- /* +-#else + const uint32_t *a = address.__u6_addr.__u6_addr32; + const uint32_t *n = network.__u6_addr.__u6_addr32; +-#endif +-*/ + int bits_whole = bits >> 5; // number of whole u32 + int bits_incomplete = bits & 0x1F; // number of bits in incomplete u32 + if (bits_whole) { Added: head/security/snuffleupagus/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/snuffleupagus/pkg-descr Sun Dec 24 13:11:41 2017 (r457156) @@ -0,0 +1,7 @@ +Snuffleupagus is a PHP7+ module designed to drastically raise the cost +of attacks against websites. This is achieved by killing entire bug +classes and providing a powerful virtual-patching system, allowing the +administrator to fix specific vulnerabilities without having to touch +the PHP code. + +WWW: https://snuffleupagus.readthedocs.io/