%s/nbs-system/jvoisin

Since I'm the only one to maintain Snuffleupagus,
let's adjust the links and contact addresses
of my fork, to point to well… my fork.

APKBUILD

@@ -1,4 +1,4 @@
-# Maintainer: <secu@nbs-system.com>
+# Maintained by Julien (jvoisin) Voisin <julien.voisin+snuffleupagus@dustri.org>
 pkgname="php7-snuffleupagus"
 _pkgname="snuffleupagus"
 pkgver=0.1
@@ -10,7 +10,7 @@ license="LGPL3"
 depends="php7-dev php7-fpm"
 source=""
 
-_giturl="https://github.com/nbs-system/snuffleupagus.git"
+_giturl="https://github.com/jvoisin/snuffleupagus.git"
 
 prepare() {
   default_prepare

CONTRIBUTING.md

@@ -6,9 +6,9 @@ First off, thank you for considering contributing to snuffleupagus.
 
 If you've noticed a bug or have a question,
 look at the [faq](https://snuffleupagus.readthedocs.io/faq.html) and
-[search the issue tracker](https://github.com/nbs-system/snuffleupagus/issues)
+[search the issue tracker](https://github.com/jvoisin/snuffleupagus/issues)
 to see if someone else has already created a ticket. If not, go ahead and
-[make one](https://github.com/nbs-system/snuffleupagus/issues/new)!
+[make one](https://github.com/jvoisin/snuffleupagus/issues/new)!
 
 ### 2. Fork & create a branch
 
@@ -28,7 +28,7 @@ Just type `make coverage` or `make debug`, the testsuite should be run
 automatically.
 
 Please add tests if you're fixing a bug or adding a new feature: we do have a
-[high coverage](https://coveralls.io/github/nbs-system/snuffleupagus?branch=master)
+[high coverage](https://coveralls.io/github/jvoisin/snuffleupagus?branch=master)
 (functions, lines and branches), and intend to keep it that way.
 
 #### 3.3 Debugging failures in the test suite
@@ -45,9 +45,9 @@ launching it, in order to run the failing test inside GDB.
 ### 4. Did you find a bug?
 
 * **Ensure the bug was not already reported** by
-  [searching all issues](https://github.com/nbs-system/snuffleupagus/issues?q=).
+  [searching all issues](https://github.com/jvoisin/snuffleupagus/issues?q=).
 * If you're unable to find an open issue addressing the problem,
-  [open a new one](https://github.com/nbs-system/snuffleupagus/issues/new).
+  [open a new one](https://github.com/jvoisin/snuffleupagus/issues/new).
   Be sure to include a **title and clear description**,
   as much relevant information as possible, and a **code sample**
   or an **executable test case** demonstrating the expected behavior that is not
@@ -67,7 +67,7 @@ At this point, you should switch back to your master branch and make sure it's
 up to date with our upstream master branch:
 
 ```sh
-git remote add upstream git@github.com:nbs-system/snuffleupagus.git
+git remote add upstream git@github.com:jvoisin/snuffleupagus.git
 git checkout master
 git pull upstream master
 ```
@@ -82,7 +82,7 @@ git push --set-upstream origin 325-kill-sql-injections
 
 Finally, go to GitHub and [make a Pull Request](https://help.github.com/articles/creating-a-pull-request) :D
 
-Travis CI will [run our test suite](https://travis-ci.org/nbs-system/snuffleupagus)
+Travis CI will [run our test suite](https://travis-ci.org/jvoisin/snuffleupagus)
 against all supported PHP versions. We care about quality, so your PR won't be
 merged until all tests pass. It's unlikely, but it's possible that your changes
 pass tests in one PHP version but fail in another. In that case, you'll have to
@@ -121,7 +121,7 @@ Maintainers need to do the following to push out a release:
 
 1. Make sure that all pending and mergeable pull requests are in
 2. Close the corresponding
-	 [milestone](https://github.com/nbs-system/snuffleupagus/milestones)
+	 [milestone](https://github.com/jvoisin/snuffleupagus/milestones)
 2. Run `valgrind` (by adding a `-m` after the `-q` in the Makefile) and check that everything is ok.
    Don't mind the python-related issues.
 3. Update the `src/php_snuffleupagus.h` according to [semantic versioning](https://semver.org/)
@@ -132,15 +132,13 @@ Maintainers need to do the following to push out a release:
 8. Create a tag for the release:
 
   ```sh
-  git config user.signingkey 498C46FF087EDC36E7EAF9D445414A82A9B22D78
-  git config user.email security@nbs-system.com
   git tag -s v$MAJOR.$MINOR.$PATCH -m "v$MAJOR.$MINOR.$PATCH"
   git push --tags
 	git push origin master
   ```
 
 9. Build the debian package with `make debian`
-10. Create the [release on github](https://github.com/nbs-system/snuffleupagus/releases)
+10. Create the [release on github](https://github.com/jvoisin/snuffleupagus/releases)
 11. Add the freshly built Debian package to the release
 12. Publish a [tweet](https://twitter.com/sp_php)
 13. Do the *secret release dance*

PKGBUILD

@@ -1,4 +1,4 @@
-# Maintainer NBS System Security Team <secu@nbs-system.com>
+# Maintained by Julien (jvoisin) Voisin <julien.voisin+snuffleupagus@dustri.org>
 pkgname="snuffleupagus"
 pkgver=r169.424845a
 pkgrel=1
@@ -8,7 +8,7 @@ arch=('i686' 'x86_64')
 license=('LGPL3')
 depends=('php' 'php-fpm')
 checkdepends=()
-source=("${pkgname}::git+https://github.com/nbs-system/${pkgname}.git")
+source=("${pkgname}::git+https://github.com/jvoisin/${pkgname}.git")
 md5sums=('SKIP')
 
 pkgver() {

debian/control

@@ -1,11 +1,11 @@
 Source: snuffleupagus
 Priority: optional
-Maintainer: NBS System <snuffleupagus@nbs-system.com>
+Maintainer: Julien (jvoisin) Voisin <julien.voisin+snuffleupagus@dustri.org>
 Build-Depends: debhelper (>= 9), php7.0-dev | php7.1-dev | php7.2-dev
 Standards-Version: 4.1.3
-Homepage: https://snuffleupagus.fr
+Homepage: https://github.com/jvoisin/snuffleupagus
 Section: php
-Vcs-Git: https://github.com/nbs-system/snuffleupagus
+Vcs-Git: https://github.com/jvoisin/snuffleupagus
 
 Package: snuffleupagus
 Architecture: any

debian/copyright

@@ -1,7 +1,7 @@
 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: Snuffleupagus
-Upstream-Contact: NBS System <snuffleupagus@nbs-system.com>
-Source: https://github.com/nbs-system/snuffleupagus
+Upstream-Contact: Julien (jvoisin) Voisin <julien.voisin+snuffleupagus@dustri.org>
+Source: https://github.com/jvoisin/snuffleupagus
 
 Files: *
 Copyright: 2017 NBS System

debian/watch

@@ -1,2 +1,2 @@
 version=3
-https://github.com/nbs-system/snuffleupagus/tags /nbs-system/snuffleupagus/archive/snuffleupagus-([0-9.]+)\.tar\.(gz|xz|bz2)
+https://github.com/jvoisin/snuffleupagus/tags /jvoisin/snuffleupagus/archive/snuffleupagus-([0-9.]+)\.tar\.(gz|xz|bz2)

doc/source/config.rst

@@ -199,8 +199,8 @@ argument and various information about it in the environment:
 
 This feature can be used, for example, to check if an uploaded file contains php
 code, using `vld <https://derickrethans.nl/projects.html#vld>`_,
-via `a python script <https://github.com/nbs-system/snuffleupagus/tree/master/scripts/upload_validation.py>`__,
-or `a php one <https://github.com/nbs-system/snuffleupagus/tree/master/scripts/upload_validation.php>`__.
+via `a python script <https://github.com/jvoisin/snuffleupagus/tree/master/scripts/upload_validation.py>`__,
+or `a php one <https://github.com/jvoisin/snuffleupagus/tree/master/scripts/upload_validation.php>`__.
 
 The upload will be **allowed** if the script returns the value ``0``. Every other
 value will prevent the file from being uploaded.
@@ -342,7 +342,7 @@ For clarity, the presence of the ``allow`` or ``drop`` action is **mandatory**.
   because it'll match the deny first.
 
 If you're paranoid, we're providing a `php script
-<https://github.com/nbs-system/snuffleupagus/blob/master/scripts/generate_rules.php>`__
+<https://github.com/jvoisin/snuffleupagus/blob/master/scripts/generate_rules.php>`__
 to automatically generate hash of files containing dangerous functions, and
 blacklisting them everywhere else.
 
@@ -358,7 +358,7 @@ It's currently not possible to:
   things like this, odds are that you're doing something wrong anyway.
 - Hooks on ``echo`` and on ``print`` are equivalent: there is no way to hook one
   without hooking the other, at least
-  `for now <https://github.com/nbs-system/snuffleupagus/issues/190>`__).
+  `for now <https://github.com/jvoisin/snuffleupagus/issues/190>`__).
   This is why hooked ``print`` will be displayed as ``echo`` in the logs.
 - Hook `strlen`, since in latest PHP versions, this function is usually
   optimized away by the compiled.

doc/source/debug.rst

@@ -18,7 +18,7 @@ We're using `php qa <https://qa.php.net/>`__ tests format for our testsuite,
 it is automatically run when you're building snuffleupagus.
 
 If it happens to have unexpected failures (Since we're using `TDD <https://en.wikipedia.org/wiki/Test-driven_development>`__ as much
-as we can, we do have some expected failures), please do `open an issue <https://github.com/nbs-system/snuffleupagus/issues/new>`__
+as we can, we do have some expected failures), please do `open an issue <https://github.com/jvoisin/snuffleupagus/issues/new>`__
 on our bugtracker, and attach the generated ``.diff`` and ``.out`` files to it,
 so we can see what's happening.
 
@@ -27,7 +27,7 @@ Snuffleupagus is crashing
 
 While we do our very best to make snuffleupagus solid as possible, we're humans,
 and computers are hard, so crashes can happen. If you're encountering one in production,
-please try to launch the `testsuite <https://github.com/nbs-system/snuffleupagus/blob/master/CONTRIBUTING.md#3-get-the-test-suite-running>`__
+please try to launch the `testsuite <https://github.com/jvoisin/snuffleupagus/blob/master/CONTRIBUTING.md#3-get-the-test-suite-running>`__
 to see if it's failing. If it does, please :ref:`tell us <testsuite_fail>`.
 
 If the testsuite is passing, odds are that you're encountering an issue tied to your php code,

doc/source/download.rst

@@ -4,20 +4,20 @@ Download
 Arch Linux
 ----------
 
-We're providing a `PKGBUILD <https://github.com/nbs-system/snuffleupagus/blob/master/PKGBUILD>`__,
+We're providing a `PKGBUILD <https://github.com/jvoisin/snuffleupagus/blob/master/PKGBUILD>`__,
 so you can build a package yourself.
 
 Alpine Linux
 ------------
 
-We're providing a `APKBUILD <https://github.com/nbs-system/snuffleupagus/blob/master/APKBUILD>`__,
+We're providing a `APKBUILD <https://github.com/jvoisin/snuffleupagus/blob/master/APKBUILD>`__,
 so you can build a package yourself.
 
 Debian and Ubuntu
 -----------------
 
 We're currently not providing a Debian/Ubuntu repository,
-but you can grab the latest release on `github <https://github.com/nbs-system/snuffleupagus/releases>`__,
+but you can grab the latest release on `github <https://github.com/jvoisin/snuffleupagus/releases>`__,
 or build your own package by cloning the source code and typing ``make debian``.
 
 Fedora
@@ -39,4 +39,4 @@ We're currently using *github* as public code repository.
 
 ::
 
-  git clone https://github.com/nbs-system/snuffleupagus
+  git clone https://github.com/jvoisin/snuffleupagus

doc/source/faq.rst

@@ -46,6 +46,8 @@ with a strong focus on security. We do have several layers of hardening
 `IDS <https://en.wikipedia.org/wiki/Intrusion_detection_system>`_, etc),
 but we had nothing for PHP7.
 
+Nowadays, Snuffleupagus is maintained by Julien (jvoisin) Voisin.
+
 
 Why not Suhosin?
 """"""""""""""""
@@ -70,7 +72,8 @@ What license is Snuffleupagus released under and why?
 """""""""""""""""""""""""""""""""""""""""""""""""""""
 
 Snuffleupagus is licensed under the `LGPL <https://www.gnu.org/copyleft/lesser.html>`_
-and is developed by the fine people from `NBS System <https://nbs-system.com/>`__.
+was developed by the fine people from `NBS System <https://nbs-system.com/>`__,
+and is maintained by Julien (jvoisin) Voisin.
 
 We chose the LGPL because we don't care that much how you're using Snuffleupagus,
 but we'd like to force people to make their improvements/contributions
@@ -171,7 +174,7 @@ By checking the logs; Snuffleupagus systematically prefix them with ``[snuffleup
 
 Does Snuffleupagus run on Windows?
 """"""""""""""""""""""""""""""""""
-No idea, feel free to `try <https://github.com/nbs-system/snuffleupagus/issues/2>`_.
+No idea, feel free to `try <https://github.com/jvoisin/snuffleupagus/issues/2>`_.
 
 
 Does Snuggleupagus run on `HHVM <http://hhvm.com/>`_?
@@ -204,46 +207,13 @@ discuss potential impact of the vulnerability,
 reference applicable patches or workarounds,
 and credit the discoverer.
 
-Please send it us a mail to the ``security`` user,
-on ``nbs-system.com``, using the gpg key
-``498C46FF087EDC36E7EAF9D445414A82A9B22D78``:
-
-::
-
-    -----BEGIN PGP PUBLIC KEY BLOCK-----
-
-    mQENBFnKHhoBCADaOa0MKEqRy0h2ohIzczblzkMQCbU9oD1HwJ1VkYnn7TGW2iKi
-    NISxisExIXpy2Bn/pA27GiV0V/Do3NL6D9r0oOCrGR27muGM0N/dk9UMv7MWw8zv
-    K8cO+Sa28s0cAv7r2ogUJj5YOo8D4wHEpE8424TE89V9+Qg/SaFCxKoELFP0c7wu
-    mtsm0PnL65piZ1EB7lQo2gxg+8AV45MD1Y2rREMKUoZE23X+nXKsmEh9BFEPaU5M
-    7WQp0NasqeMNoGhwfw9ttVAeLhkEkaTjW1PkNRIb7vrtV9KVb5uKucflfbOnDlzu
-    tQ9U3tYto0mcSCRchAClfEmoSi/0mKyb5N6ZABEBAAG0NVNlY3VyaXR5IHRlYW0g
-    b2YgTkJTIFN5c3RlbSA8c2VjdXJpdHlAbmJzLXN5c3RlbS5jb20+iQE3BBMBCAAh
-    BQJZyh4aAhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEEVBSoKpsi14jy0H
-    /1/XB9THhvmG0ow81sld2Zx8qhnNed8VvYDS6mEjpDWNVPxENwDbnakEjisq1Hrb
-    2UQPYCyQ5dekPNFVwQHIGXkX0eb1Ank+4esBJuEpQ2985tgNhJy5ZX+Imb5C8nZC
-    90uYSN1UUg559nUsFeElOXSEH6tIXK/TvjsvMYoi2Ukl6lb7PbIU2fjLY9Iqv3QY
-    32p8/Bl1fVKWbXOk0HDgJ6zA3Kr56QhZOLBkxjOa2XAnnIE76jZxUJ9qPCwWd1vW
-    GFxtx1Y+eZriqHiC9CPe6aBWcIHaTXSu1WBbXrFu8/eCWw243Rxm8l9wgA/a7VWq
-    WBfO45IhJUwh95naRpw8/4a5AQ0EWcoeGgEIAJtzSyyzfn2RX+BsyoRFANUpIgrV
-    /9eohYQVNqK3AFthmq7Kjmt4+hszF5+0wCFmWwYqGnqk1/dsWmqpkXsJldEn6oPJ
-    Bng+Dc67Yki2dR3TroAf95UmI08fhyM7TMXp8m46BPRRMzPNwalEeEm49Oclmfxb
-    JsWWCChWVLWGz2xgPEAv3fPHqus7Rwz/WIl53l/qy1Wf0ewmjRpVEfnEMKBExtBK
-    4kRxQ40LzUZ1SfpyGc3nMbswhevT7/klqrdJdCnlu67Y/IfRGxGZuNj1n1Dib3Hx
-    zTBHo3Y2R3BB93Ix8dkbLaxLqFbOYVdijCgJklqUWhx7btpQ2xnZyzyCMuUAEQEA
-    AYkBHwQYAQgACQUCWcoeGgIbDAAKCRBFQUqCqbIteFRvB/9u3Mae8n8ELrJKOn+P
-    PEbWjutObIuTplvY4QcbnNb9dsgsKryamp4CFJsA5XuitPpC31GDMXBZO5/LLOuH
-    HoMaXFJdic0NToL/3REhu+aZkNIU6S/iaPRNVhkSV4lwQsvncz+nBaiDUJjyfJm2
-    kEjVcRTM8yqzcNo/9Gn0ts+XCUqRj7+S1M4Bj3NySoO/w2n+7OLbIAj+wQZcj3Gf
-    5QhBYaY4YaFxrJE0IZxyXGHw8xhKR6AN+u4TO7LRCW+cWV/sHWir1MXieJoEG8+R
-    W/BhrB0Rz5uxOXMoGCCD2TUiHq7zpuHGnYFVmAnHQZaaQxXve4VrcmznxgpV8lpW
-    mZug
-    =+eIv
-    -----END PGP PUBLIC KEY BLOCK-----
+Please do send a mail to [Julien (jvoisin) Voisin](https://dustri.org) should
+you find a security issue.
+
 
 I found a bug. How can I report it?
 """""""""""""""""""""""""""""""""""
-We do have an issue tracker on `Github <https://github.com/nbs-system/snuffleupagus/issues>`_.
+We do have an issue tracker on `Github <https://github.com/jvoisin/snuffleupagus/issues>`_.
 Please make sure to include as much information as possible when reporting your issue,
 such as your operating system, your version of PHP 7, your version of Snuffleupagus,
 your logs, the problematic php code, the request, a brief description, … long story short,
@@ -255,12 +225,9 @@ it's not that hard.
 Where can I find even more help?
 """"""""""""""""""""""""""""""""
 The :doc:`configuration page <config>` might be what you're looking for.
-If you're adventurous, you can also check the `issue tracker <https://github.com/nbs-system/snuffleupagus/issues/?q=is%3Aissue>`_
-(make sure to check the `closed issues <https://github.com/nbs-system/snuffleupagus/issues?q=is%3Aissue+is%3Aclosed>`_ too).
+If you're adventurous, you can also check the `issue tracker <https://github.com/jvoisin/snuffleupagus/issues/?q=is%3Aissue>`_
+(make sure to check the `closed issues <https://github.com/jvoisin/snuffleupagus/issues?q=is%3Aissue+is%3Aclosed>`_ too).
 
-I need professional support for my company.
-"""""""""""""""""""""""""""""""""""""""""""
-Contact `NBS System <https://nbs-system.com>`_.
 
 Unimplemented mitigations and abandoned ideas
 ---------------------------------------------

doc/source/installation.rst

@@ -1,7 +1,7 @@
 Installation
 ============
 
-Snuffleupagus is tested against `various PHP 7+ versions <https://travis-ci.org/nbs-system/snuffleupagus/>`_.
+Snuffleupagus is tested against `various PHP 7+ versions <https://travis-ci.org/jvoisin/snuffleupagus/>`_.
 
 Manual installation
 -------------------
@@ -21,7 +21,7 @@ Quickstart
 
 ::
 
-    git clone https://github.com/nbs-system/snuffleupagus
+    git clone https://github.com/jvoisin/snuffleupagus
     cd snuffleupagus/src
     phpize
     ./configure --enable-snuffleupagus

src/php_snuffleupagus.h

@@ -4,7 +4,7 @@
 #define PHP_SNUFFLEUPAGUS_VERSION "0.5.0"
 #define PHP_SNUFFLEUPAGUS_EXTNAME "snuffleupagus"
 #define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System"
-#define PHP_SNUFFLEUPAGUS_URL "https://github.com/nbs-system/snuffleupagus"
+#define PHP_SNUFFLEUPAGUS_URL "https://github.com/jvoisin/snuffleupagus"
 #define PHP_SNUFFLEUPAGUS_COPYRIGHT "LGPLv2"
 
 #include <errno.h>

src/sp_config_keywords.c

@@ -44,7 +44,7 @@ int parse_session(char *line) {
       "You're trying to use the session cookie encryption feature "
       "on line %zu without having session support statically built into PHP. "
       "This isn't supported, see "
-      "https://github.com/nbs-system/snuffleupagus/issues/278 for details.",
+      "https://github.com/jvoisin/snuffleupagus/issues/278 for details.",
       sp_line_no);
   pefree(session, 0);
   return -1;

src/sp_disabled_functions.c

@@ -361,7 +361,7 @@ static void should_disable(zend_execute_data* execute_data,
         sp_log_warn(
             "disable_function",
             "Snuffleupagus doesn't support variadic functions yet, sorry. "
-            "Check https://github.com/nbs-system/snuffleupagus/issues/164 for "
+            "Check https://github.com/jvoisin/snuffleupagus/issues/164 for "
             "details.");
       } else if (false == is_param_matching(
                               execute_data, config_node, builtin_param,

src/sp_upload_validation.c

@@ -15,7 +15,7 @@ int sp_rfc1867_callback_win(unsigned int event, void *event_data,
                             void **extra) {
   sp_log_msg("upload_validation", SP_LOG_SIMULATION,
              "The upload validation doesn't work for now on Windows yet, "
-             "see https://github.com/nbs-system/snuffleupagus/issues/248 for "
+             "see https://github.com/jvoisin/snuffleupagus/issues/248 for "
              "details.");
   return SUCCESS;
 }

src/tests/disable_function/disabled_functions_drop_include.phpt

@@ -1,5 +1,5 @@
 --TEST--
-Disable function, bug : https://github.com/nbs-system/snuffleupagus/issues/181
+Disable function, bug : https://github.com/jvoisin/snuffleupagus/issues/181
 --SKIPIF--
 <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
 --INI--

src/tests/disable_function/disabled_functions_drop_include_simulation.phpt

@@ -1,5 +1,5 @@
 --TEST--
-Disable function, bug : https://github.com/nbs-system/snuffleupagus/issues/181
+Disable function, bug : https://github.com/jvoisin/snuffleupagus/issues/181
 --SKIPIF--
 <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
 --INI--

src/tests/disable_function/disabled_functions_variadic.phpt

@@ -13,6 +13,6 @@ function foo(...$b) {
 echo foo(5, 4, 3, 2, 1);
 ?>
 --EXPECTF--
-Warning: [snuffleupagus][0.0.0.0][disable_function] Snuffleupagus doesn't support variadic functions yet, sorry. Check https://github.com/nbs-system/snuffleupagus/issues/164 for details. in %a/disabled_functions_variadic.php on line %d
+Warning: [snuffleupagus][0.0.0.0][disable_function] Snuffleupagus doesn't support variadic functions yet, sorry. Check https://github.com/jvoisin/snuffleupagus/issues/164 for details. in %a/disabled_functions_variadic.php on line %d
 
 Fatal error: [snuffleupagus][0.0.0.0][disabled_function] Aborted execution on call of the function 'foo' in %a/disabled_functions_variadic.php on line %d