Pre-release MISP 2.5 and PHP 8.2

MISP · Sep 17, 2024 · a02bfa4 · a02bfa4
1 parent beb62e4
commit a02bfa4
Show file tree

Hide file tree

Showing 5 changed files with 69 additions and 40 deletions.
diff --git a/core/Dockerfile b/core/Dockerfile
@@ -12,9 +12,6 @@ FROM "${DOCKER_HUB_PROXY}python:3.12-slim-bookworm" AS php-base
         lsb-release \
         ca-certificates \
         curl
-    RUN curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb
-    RUN dpkg -i /tmp/debsuryorg-archive-keyring.deb
-    RUN echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
     RUN apt-get update
 
 
@@ -25,18 +22,18 @@ FROM php-base AS composer-build
     ARG CORE_COMMIT
 
     RUN apt-get install -y --no-install-recommends \
-        php7.4 \
-        php7.4-apcu \
-        php7.4-curl \
-        php7.4-xml \
-        php7.4-intl \
-        php7.4-bcmath \
-        php7.4-mbstring \
-        php7.4-mysql \
-        php7.4-redis \
-        php7.4-gd \
-        php7.4-fpm \
-        php7.4-zip \
+        php8.2 \
+        php8.2-apcu \
+        php8.2-curl \
+        php8.2-xml \
+        php8.2-intl \
+        php8.2-bcmath \
+        php8.2-mbstring \
+        php8.2-mysql \
+        php8.2-redis \
+        php8.2-gd \
+        php8.2-fpm \
+        php8.2-zip \
         unzip \
         && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 
@@ -64,10 +61,11 @@ FROM php-base AS php-build
     RUN apt-get install -y --no-install-recommends \
         gcc \
         g++ \
+        git \
         make \
-        php7.4 \
-        php7.4-dev \
-        php7.4-xml \
+        php8.2 \
+        php8.2-dev \
+        php8.2-xml \
         php-pear \
         libbrotli-dev \
         libfuzzy-dev \
@@ -76,18 +74,20 @@ FROM php-base AS php-build
         libzstd-dev \
         && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 
-    RUN update-alternatives --set php /usr/bin/php7.4
-    RUN update-alternatives --set php-config /usr/bin/php-config7.4
-    RUN update-alternatives --set phpize /usr/bin/phpize7.4
+    RUN update-alternatives --set php /usr/bin/php8.2
+    RUN update-alternatives --set php-config /usr/bin/php-config8.2
+    RUN update-alternatives --set phpize /usr/bin/phpize8.2
 
     RUN cp "/usr/lib/$(gcc -dumpmachine)"/libfuzzy.* /usr/lib
     RUN pecl channel-update pecl.php.net && \
-        pecl install ssdeep && \
         pecl install rdkafka && \
         pecl install simdjson && \
         pecl install zstd && \
         pecl install brotli
 
+    # install pect-text-ssdeep 1.2
+    RUN git clone --recursive --depth=1 https://github.com/JakubOnderka/pecl-text-ssdeep.git /tmp/pecl-text-ssdeep
+    RUN cd /tmp/pecl-text-ssdeep && phpize && ./configure && make && make install
 
 FROM php-base AS python-build
     ENV DEBIAN_FRONTEND noninteractive   
@@ -186,19 +186,19 @@ FROM php-base
         mariadb-client \
         rsync \
         # PHP Requirements
-        php7.4 \
-        php7.4-apcu \
-        php7.4-curl \
-        php7.4-xml \
-        php7.4-intl \
-        php7.4-bcmath \
-        php7.4-mbstring \
-        php7.4-mysql \
-        php7.4-redis \
-        php7.4-gd \
-        php7.4-fpm \
-        php7.4-zip \
-        php7.4-ldap \
+        php8.2 \
+        php8.2-apcu \
+        php8.2-curl \
+        php8.2-xml \
+        php8.2-intl \
+        php8.2-bcmath \
+        php8.2-mbstring \
+        php8.2-mysql \
+        php8.2-redis \
+        php8.2-gd \
+        php8.2-fpm \
+        php8.2-zip \
+        php8.2-ldap \
         libmagic1 \
         libldap-common \
         librdkafka1 \
@@ -213,7 +213,7 @@ FROM php-base
         curl jq \
         && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 
-    RUN update-alternatives --set php /usr/bin/php7.4
+    RUN update-alternatives --set php /usr/bin/php8.2
 
     # Install python modules
     COPY --from=python-build /wheels /wheels

diff --git a/core/files/entrypoint_fpm.sh b/core/files/entrypoint_fpm.sh
@@ -33,7 +33,7 @@ change_php_vars() {
 echo "Configure PHP | Change PHP values ..." && change_php_vars
 
 echo "Configure PHP | Starting PHP FPM"
-/usr/sbin/php-fpm7.4 -R -F & master_pid=$!
+/usr/sbin/php-fpm8.2 -R -F & master_pid=$!
 
 # Wait for it
 wait "$master_pid"
diff --git a/core/files/etc/nginx/includes/misp b/core/files/etc/nginx/includes/misp
@@ -24,7 +24,7 @@ location / {
 
 location ~ ^/[^/]+\.php(/|$) {
     include snippets/fastcgi-php.conf;
-    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
+    fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
     fastcgi_read_timeout 300s;
     fastcgi_send_timeout 300s;
     fastcgi_connect_timeout 300s;

diff --git a/core/patches/ssdeep.patch b/core/patches/ssdeep.patch
@@ -0,0 +1,29 @@
+From 369e87e7469fd3e30bf46cff9f12f0d5bfc9e611 Mon Sep 17 00:00:00 2001
+From: Remi Collet <[email protected]>
+Date: Fri, 4 Sep 2020 14:47:29 +0200
+Subject: [PATCH] fix for PHP 8
+
+---
+ ssdeep.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/ssdeep.c b/ssdeep.c
+index 00e91e5..4dee7e2 100644
+--- a/ssdeep.c
++++ b/ssdeep.c
+@@ -48,6 +48,15 @@
+ #include "php_ssdeep.h"
+ #include <fuzzy.h>
+
++/* For PHP 8 */
++#ifndef TSRMLS_D
++#define TSRMLS_D void
++#define TSRMLS_DC
++#define TSRMLS_C
++#define TSRMLS_CC
++#define TSRMLS_FETCH()
++#endif
++
+ /* True global resources - no need for thread safety here */
+ ZEND_BEGIN_ARG_INFO_EX(arginfo_ssdeep_fuzzy_hash, 0, 0, 1)
+     ZEND_ARG_INFO(0, to_hash)
diff --git a/template.env b/template.env
@@ -4,7 +4,7 @@
 
 CORE_TAG=v2.4.198
 MODULES_TAG=v2.4.197
-PHP_VER=20190902
+PHP_VER=20220829
 LIBFAUP_COMMIT=3a26d0a
 
 # PYPY_* vars take precedence over MISP's
@@ -20,7 +20,7 @@ LIBFAUP_COMMIT=3a26d0a
 # PYPI_MISP_STIX_VERSION"==2.4.194"
 
 # CORE_COMMIT takes precedence over CORE_TAG
-# CORE_COMMIT=c56d537
+CORE_COMMIT=6df1cc7
 # MODULES_COMMIT takes precedence over MODULES_TAG
 # MODULES_COMMIT=de69ae3