commit:     ee4985333e42e9794fb0f165a857e78af0f363d5
Author:     Stephen Shkardoon <ss23 <AT> ss23 <DOT> geek <DOT> nz>
AuthorDate: Mon Feb 27 15:34:06 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Mar  4 07:18:15 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee498533

net-p2p/rtorrent: Resolve overflow issue on hardened build

Closes: https://bugs.gentoo.org/891995
Signed-off-by: Stephen Shkardoon <ss23 <AT> ss23.geek.nz>
Closes: https://github.com/gentoo/gentoo/pull/29834
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../rtorrent/files/rtorrent-0.9.8-bgo891995.patch  | 27 ++++++++
 net-p2p/rtorrent/rtorrent-0.9.8-r2.ebuild          | 74 ++++++++++++++++++++++
 2 files changed, 101 insertions(+)

diff --git a/net-p2p/rtorrent/files/rtorrent-0.9.8-bgo891995.patch 
b/net-p2p/rtorrent/files/rtorrent-0.9.8-bgo891995.patch
new file mode 100644
index 000000000000..943fe64dddc1
--- /dev/null
+++ b/net-p2p/rtorrent/files/rtorrent-0.9.8-bgo891995.patch
@@ -0,0 +1,27 @@
+https://bugs.gentoo.org/891995
+https://github.com/rakshasa/rtorrent/issues/1205
+https://github.com/rakshasa/rtorrent/pull/1169
+
+From 812bba81bc049a5f786282b3654cab294b0ef236 Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <cyp...@cyphar.com>
+Date: Mon, 20 Jun 2022 19:09:57 +1000
+Subject: [PATCH] utils: lockfile: avoid stack overflow for lockfile buffer
+
+There appears to have been some change on openSUSE (likely some new
+hardening flags for builds, or some glibc hardening) such that incorrect
+buffer handling results in a segfault even if the buffer is never
+overflowed.
+
+Signed-off-by: Aleksa Sarai <cyp...@cyphar.com>
+--- a/src/utils/lockfile.cc
++++ b/src/utils/lockfile.cc
+@@ -98,7 +98,8 @@ Lockfile::try_lock() {
+   int pos = ::gethostname(buf, 255);
+ 
+   if (pos == 0) {
+-    ::snprintf(buf + std::strlen(buf), 255, ":+%i\n", ::getpid());
++    ssize_t len = std::strlen(buf);
++    ::snprintf(buf + len, 255 - len, ":+%i\n", ::getpid());
+     int __UNUSED result = ::write(fd, buf, std::strlen(buf));
+   }
+ 
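Review bot: The new `len` is still taken from `std::strlen(buf)` on whatever `::gethostname(buf, 255)` left in the buffer, and POSIX leaves it unspecified whether a truncated hostname is NUL-terminated, so the bound `255 - len` is only as reliable as that terminator. Adding `buf[254] = '\0';` directly after the gethostname call would cap `len` at 254 and keep the size passed to snprintf positive. This assumes buf holds at least 255 bytes, which only its declaration outside the hunk can confirm. With the terminator in place, `len` can be declared `size_t`, matching what strlen returns and what snprintf takes. The body of `Lockfile::try_lock()` starts and ends outside the hunk.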

diff --git a/net-p2p/rtorrent/rtorrent-0.9.8-r2.ebuild 
b/net-p2p/rtorrent/rtorrent-0.9.8-r2.ebuild
new file mode 100644
index 000000000000..b3161479593e
--- /dev/null
+++ b/net-p2p/rtorrent/rtorrent-0.9.8-r2.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools linux-info systemd
+
+DESCRIPTION="BitTorrent Client using libtorrent"
+HOMEPAGE="https://rakshasa.github.io/rtorrent/";
+SRC_URI="http://rtorrent.net/downloads/${P}.tar.gz";
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 
~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~x64-solaris"
+IUSE="debug selinux test xmlrpc"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="~net-libs/libtorrent-0.13.${PV##*.}
+       >=net-misc/curl-7.19.1
+       sys-libs/ncurses:0=
+       xmlrpc? ( dev-libs/xmlrpc-c:= )"
+RDEPEND="${COMMON_DEPEND}
+       selinux? ( sec-policy/selinux-rtorrent )
+"
+DEPEND="${COMMON_DEPEND}
+       dev-util/cppunit
+       virtual/pkgconfig"
+
+DOCS=( doc/rtorrent.rc )
+
+PATCHES=(
+       "${FILESDIR}/${P}-bgo891995.patch"
+)
+
+pkg_setup() {
+       if ! linux_config_exists || ! linux_chkconfig_present IPV6; then
+               ewarn "rtorrent will not start without IPv6 support in your 
kernel"
+               ewarn "without further configuration. Please set bind=0.0.0.0 
or"
+               ewarn "similar in your rtorrent.rc"
+               ewarn "Upstream bug: 
https://github.com/rakshasa/rtorrent/issues/732";
+       fi
+}
+
+src_prepare() {
+       default
+
+       # https://github.com/rakshasa/rtorrent/issues/332
+       cp "${FILESDIR}"/rtorrent.1 "${S}"/doc/ || die
+
+       if [[ ${CHOST} != *-darwin* ]]; then
+               # syslibroot is only for macos, change to sysroot for others
+               sed -i 's/Wl,-syslibroot,/Wl,--sysroot,/' 
"${S}/scripts/common.m4" || die
+       fi
+
+       eautoreconf
+}
+
+src_configure() {
+       default
+
+       # configure needs bash or script bombs out on some null shift, bug 
#291229
+       CONFIG_SHELL=${BASH} econf \
+               $(use_enable debug) \
+               $(use_with xmlrpc xmlrpc-c)
+}
+
+src_install() {
+       default
+       doman doc/rtorrent.1
+
+       newinitd "${FILESDIR}/rtorrent-r1.init" rtorrent
+       newconfd "${FILESDIR}/rtorrentd.conf" rtorrent
+       systemd_newunit "${FILESDIR}/rtorrentd_at-r1.service" 
"rtorrentd@.service"
+}
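Review bot: `src_configure` calls `default` and then `econf` again, so configure runs twice, and the first run happens without `CONFIG_SHELL=${BASH}` and without the `debug`/`xmlrpc` switches. That first run is the situation the comment about bug #291229 says makes the script bomb out. Dropping the `default` line leaves the single intended `econf` call. Separately, `SRC_URI` fetches the tarball over plain `http://`, so its integrity rests on the Manifest checksums, which are not part of this diff; an `https://` URL would be preferable if the upstream host offers one.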
