From fe531d5806165f530f3ce27ec34f334c44187713 Mon Sep 17 00:00:00 2001
From: Stefano Ortolani <ortolanis@vmware.com>
Date: Fri, 8 Mar 2024 10:43:28 +0000
Subject: [PATCH] Bump version and fix bugs

Changes:
- Bump to version 2.4.187
- Fix error when not disabling ipv6 or ssl redirect
- Enable ztsd php extension
- Catch when .env file is not created
---
 core/Dockerfile                |  8 ++++---
 core/files/entrypoint_nginx.sh | 44 +++++++++++++++++++---------------
 docker-compose.yml             |  8 +++----
 template.env                   |  4 ++--
 4 files changed, 36 insertions(+), 28 deletions(-)

diff --git a/core/Dockerfile b/core/Dockerfile
index 938bc0a..4565e98 100644
--- a/core/Dockerfile
+++ b/core/Dockerfile
@@ -55,10 +55,11 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim" as php-build
         php-pear \
         librdkafka-dev \
         libsimdjson-dev \
+        libzstd-dev \
         git \
         && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*
 
-    RUN cp "/usr/lib/$(gcc -dumpmachine)"/libfuzzy.* /usr/lib; pecl channel-update pecl.php.net && pecl install ssdeep && pecl install rdkafka && pecl install simdjson
+    RUN cp "/usr/lib/$(gcc -dumpmachine)"/libfuzzy.* /usr/lib; pecl channel-update pecl.php.net && pecl install ssdeep && pecl install rdkafka && pecl install simdjson && pecl install zstd
     RUN git clone --recursive --depth=1 https://github.com/kjdev/php-ext-brotli.git && \
         cd php-ext-brotli && phpize && ./configure && make && make install
 
@@ -174,6 +175,7 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim"
         librdkafka1 \
         libbrotli1 \
         libsimdjson5 \
+        libzstd1 \
         # Unsure we need these
         zip unzip \
         # Require for advanced an unattended configuration
@@ -185,7 +187,7 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim"
     RUN pip3 install --no-cache-dir /wheels/*.whl && rm -rf /wheels
 
     # PHP: install prebuilt libraries, then install the app's PHP deps
-    COPY --from=php-build ["/usr/lib/php/${PHP_VER}/ssdeep.so", "/usr/lib/php/${PHP_VER}/rdkafka.so", "/usr/lib/php/${PHP_VER}/brotli.so", "/usr/lib/php/${PHP_VER}/simdjson.so", "/usr/lib/php/${PHP_VER}/"]
+    COPY --from=php-build ["/usr/lib/php/${PHP_VER}/ssdeep.so", "/usr/lib/php/${PHP_VER}/rdkafka.so", "/usr/lib/php/${PHP_VER}/brotli.so", "/usr/lib/php/${PHP_VER}/simdjson.so", "/usr/lib/php/${PHP_VER}/zstd.so", "/usr/lib/php/${PHP_VER}/"]
 
     # Do an early chown to limit image size
     COPY --from=python-build --chown=www-data:www-data --chmod=0550 /var/www/MISP /var/www/MISP
@@ -194,7 +196,7 @@ FROM "${DOCKER_HUB_PROXY}debian:bullseye-slim"
 
     # Gather these in one layer, only act on actual directories under /etc/php/
     RUN <<-EOF
-        set -- "ssdeep" "rdkafka" "brotli" "simdjson"
+        set -- "ssdeep" "rdkafka" "brotli" "simdjson" "zstd"
         for mod in "$@"; do
             for dir in /etc/php/*/; do
                 echo "extension=${mod}.so" > "${dir}mods-available/${mod}.ini"
diff --git a/core/files/entrypoint_nginx.sh b/core/files/entrypoint_nginx.sh
index c3d1a36..0ff9329 100755
--- a/core/files/entrypoint_nginx.sh
+++ b/core/files/entrypoint_nginx.sh
@@ -210,34 +210,40 @@ init_nginx() {
     # Testing for files also test for links, and generalize better to mounted files
     if [[ ! -f "/etc/nginx/sites-enabled/misp80" ]]; then
         echo "... enabling port 80 redirect"
-        if [[ "$DISABLE_IPV6" = "true" ]]; then
-            sed -i "s/[^#] listen \[/  # listen \[/" /etc/nginx/sites-available/misp80
-        else
-            sed -i "s/# listen \[/listen \[" /etc/nginx/sites-available/misp80
-        fi
-        if [[ "$DISABLE_SSL_REDIRECT" = "true" ]]; then
-            sed -i "s/[^#] return /  # return /" /etc/nginx/sites-available/misp80
-            sed -i "s/# include /include /" /etc/nginx/sites-available/misp80
-        else
-            sed -i "s/[^#] include /  # include /" /etc/nginx/sites-available/misp80
-            sed -i "s/# return /return /" /etc/nginx/sites-available/misp80
-        fi
         ln -s /etc/nginx/sites-available/misp80 /etc/nginx/sites-enabled/misp80
     else
-        echo "... port 80 already configured"
+        echo "... port 80 already enabled"
+    fi
+    if [[ "$DISABLE_IPV6" = "true" ]]; then
+        echo "... disabling IPv6 on port 80"
+        sed -i "s/[^#] listen \[/  # listen \[/" /etc/nginx/sites-enabled/misp80
+    else
+        echo "... enabling IPv6 on port 80"
+        sed -i "s/# listen \[/listen \[/" /etc/nginx/sites-enabled/misp80
+    fi
+    if [[ "$DISABLE_SSL_REDIRECT" = "true" ]]; then
+        echo "... disabling SSL redirect"
+        sed -i "s/[^#] return /  # return /" /etc/nginx/sites-enabled/misp80
+        sed -i "s/# include /include /" /etc/nginx/sites-enabled/misp80
+    else
+        echo "... enabling SSL redirect"
+        sed -i "s/[^#] include /  # include /" /etc/nginx/sites-enabled/misp80
+        sed -i "s/# return /return /" /etc/nginx/sites-enabled/misp80
     fi
 
     # Testing for files also test for links, and generalize better to mounted files
     if [[ ! -f "/etc/nginx/sites-enabled/misp443" ]]; then
         echo "... enabling port 443"
-        if [[ "$DISABLE_IPV6" = "true" ]]; then
-            sed -i "s/[^#] listen \[/  # listen \[/" /etc/nginx/sites-available/misp443
-        else
-            sed -i "s/# listen \[/listen \[" /etc/nginx/sites-available/misp443
-        fi
         ln -s /etc/nginx/sites-available/misp443 /etc/nginx/sites-enabled/misp443
     else
-        echo "... port 443 already configured"
+        echo "... port 443 already enabled"
+    fi
+    if [[ "$DISABLE_IPV6" = "true" ]]; then
+        echo "... disabling IPv6 on port 443"
+        sed -i "s/[^#] listen \[/  # listen \[/" /etc/nginx/sites-enabled/misp443
+    else
+        echo "... enabling IPv6 on port 443"
+        sed -i "s/# listen \[/listen \[/" /etc/nginx/sites-enabled/misp443
     fi
     
     if [[ ! -f /etc/nginx/certs/cert.pem || ! -f /etc/nginx/certs/key.pem ]]; then
diff --git a/docker-compose.yml b/docker-compose.yml
index 1f4e54d..96cdde7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -33,9 +33,9 @@ services:
     build:
       context: core/.
       args:
-          - CORE_TAG=${CORE_TAG}
+          - CORE_TAG=${CORE_TAG:?Missing .env file, see README.md for instructions}
           - CORE_COMMIT=${CORE_COMMIT}
-          - PHP_VER=${PHP_VER}
+          - PHP_VER=${PHP_VER:?Missing .env file, see README.md for instructions}
           - PYPI_REDIS_VERSION=${PYPI_REDIS_VERSION}
           - PYPI_LIEF_VERSION=${PYPI_LIEF_VERSION}
           - PYPI_PYDEEP2_VERSION=${PYPI_PYDEEP2_VERSION}
@@ -120,9 +120,9 @@ services:
     build:
       context: modules/.
       args:
-        - MODULES_TAG=${MODULES_TAG}
+        - MODULES_TAG=${MODULES_TAG:?Missing .env file, see README.md for instructions}
         - MODULES_COMMIT=${MODULES_COMMIT}
-        - LIBFAUP_COMMIT=${LIBFAUP_COMMIT}
+        - LIBFAUP_COMMIT=${LIBFAUP_COMMIT:?Missing .env file, see README.md for instructions}
     environment:
       - "REDIS_BACKEND=redis"
     depends_on:
diff --git a/template.env b/template.env
index 327d331..248be76 100644
--- a/template.env
+++ b/template.env
@@ -2,8 +2,8 @@
 # Build-time variables
 ##
 
-CORE_TAG=v2.4.186
-MODULES_TAG=v2.4.186
+CORE_TAG=v2.4.187
+MODULES_TAG=v2.4.187
 PHP_VER=20190902
 LIBFAUP_COMMIT=3a26d0a