commit: 4e301458bf4842213e6e97c12487939e4a299abf Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> AuthorDate: Mon Nov 6 21:15:07 2017 +0000 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> CommitDate: Mon Nov 6 21:15:26 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e301458
net-misc/wget: Rev bump to fix segfault Bug: http://savannah.gnu.org/bugs/?52349 Closes: https://bugs.gentoo.org/636730 Package-Manager: Portage-2.3.13, Repoman-2.3.4 ...-fix-segfault-due-to-derefencing-null-ptr.patch | 66 +++++++++++++ net-misc/wget/wget-1.19.2-r1.ebuild | 109 +++++++++++++++++++++ 2 files changed, 175 insertions(+) diff --git a/net-misc/wget/files/wget-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch b/net-misc/wget/files/wget-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch new file mode 100644 index 00000000000..8a66e08c3e3 --- /dev/null +++ b/net-misc/wget/files/wget-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch @@ -0,0 +1,66 @@ +From 973c26ed7d51052a7b6e120ed1b84e47266667e1 Mon Sep 17 00:00:00 2001 +From: Darshit Shah <[email protected]> +Date: Mon, 6 Nov 2017 10:09:03 +0100 +Subject: Fix Segfault due to derefencing null ptr +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* src/http.c(gethttp): When Encoding is gzip, ensure that the +Content-Type Header was actually seen. Without this, the "type" variable +is null causing a Segfault. + +Reported-By: Noël Köthe <[email protected]> +--- + src/http.c | 30 +++++++++++++++++++----------- + 1 file changed, 19 insertions(+), 11 deletions(-) + +diff --git a/src/http.c b/src/http.c +index 9954848..2a5454f 100644 +--- a/src/http.c ++++ b/src/http.c +@@ -3714,22 +3714,30 @@ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs, + && opt.compression != compression_none) + { + /* Make sure the Content-Type is not gzip before decompressing */ +- const char * p = strchr (type, '/'); +- if (p == NULL) +- { +- hs->remote_encoding = ENC_GZIP; +- hs->local_encoding = ENC_NONE; +- } +- else ++ if (type) + { +- p++; +- if (c_tolower(p[0]) == 'x' && p[1] == '-') +- p += 2; +- if (0 != c_strcasecmp (p, "gzip")) ++ const char * p = strchr (type, '/'); ++ if (p == NULL) + { + hs->remote_encoding = ENC_GZIP; + hs->local_encoding = ENC_NONE; + } ++ else ++ { ++ p++; ++ if (c_tolower(p[0]) == 'x' && p[1] == '-') ++ p += 2; ++ if (0 != c_strcasecmp (p, "gzip")) ++ { ++ hs->remote_encoding = ENC_GZIP; ++ hs->local_encoding = ENC_NONE; ++ } ++ } ++ } ++ else ++ { ++ hs->remote_encoding = ENC_GZIP; ++ hs->local_encoding = ENC_NONE; + } + } + #endif +-- +cgit v1.0-41-gc330 + diff --git a/net-misc/wget/wget-1.19.2-r1.ebuild b/net-misc/wget/wget-1.19.2-r1.ebuild new file mode 100644 index 00000000000..112e811986a --- /dev/null +++ b/net-misc/wget/wget-1.19.2-r1.ebuild @@ -0,0 +1,109 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +PYTHON_COMPAT=( python3_{4,5,6} ) + +inherit flag-o-matic python-any-r1 toolchain-funcs + +DESCRIPTION="Network utility to retrieve files from the WWW" +HOMEPAGE="https://www.gnu.org/software/wget/"; +SRC_URI="mirror://gnu/wget/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="debug gnutls idn ipv6 libressl nls ntlm pcre +ssl static test uuid zlib" +REQUIRED_USE=" ntlm? ( !gnutls ssl ) gnutls? ( ssl )" + +PATCHES=( "${FILESDIR}"/${PN}-1.19.2-fix-segfault-due-to-derefencing-null-ptr.patch ) + +# Force a newer libidn2 to avoid libunistring deps. #612498 +LIB_DEPEND="idn? ( >=net-dns/libidn2-0.14[static-libs(+)] ) + pcre? ( dev-libs/libpcre[static-libs(+)] ) + ssl? ( + gnutls? ( net-libs/gnutls:0=[static-libs(+)] ) + !gnutls? ( + !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) + libressl? ( dev-libs/libressl[static-libs(+)] ) + ) + ) + uuid? ( sys-apps/util-linux[static-libs(+)] ) + zlib? ( sys-libs/zlib[static-libs(+)] )" +RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )" +DEPEND="${RDEPEND} + app-arch/xz-utils + virtual/pkgconfig + static? ( ${LIB_DEPEND} ) + test? ( + ${PYTHON_DEPS} + dev-lang/perl + dev-perl/HTTP-Daemon + dev-perl/HTTP-Message + dev-perl/IO-Socket-SSL + ) + nls? ( sys-devel/gettext )" + +DOCS=( AUTHORS MAILING-LIST NEWS README doc/sample.wgetrc ) + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # revert some hack that breaks linking, bug #585924 + if [[ ${CHOST} == *-darwin* ]] || [[ ${CHOST} == *-solaris* ]] || [[ ${CHOST} == *-uclibc* ]]; then + sed -i \ + -e 's/^ LIBICONV=$/:/' \ + configure || die + fi +} + +src_configure() { + # fix compilation on Solaris, we need filio.h for FIONBIO as used in + # the included gnutls -- force ioctl.h to include this header + [[ ${CHOST} == *-solaris* ]] && append-cppflags -DBSD_COMP=1 + + if use static ; then + append-ldflags -static + tc-export PKG_CONFIG + PKG_CONFIG+=" --static" + fi + + # There is no flag that controls this. libunistring-prefix only + # controls the search path (which is why we turn it off below). + # Further, libunistring is only needed w/older libidn2 installs, + # and since we force the latest, we can force off libunistring. #612498 + ac_cv_libunistring=no \ + econf \ + --disable-assert \ + --disable-rpath \ + --without-included-libunistring \ + --without-libunistring-prefix \ + $(use_enable debug) \ + $(use_enable idn iri) \ + $(use_enable ipv6) \ + $(use_enable nls) \ + $(use_enable ntlm) \ + $(use_enable pcre) \ + $(use_enable ssl digest) \ + $(use_enable ssl opie) \ + $(use_with idn libidn) \ + $(use_with ssl ssl $(usex gnutls gnutls openssl)) \ + $(use_with uuid libuuid) \ + $(use_with zlib) +} + +src_install() { + default + + sed -i \ + -e "s:/usr/local/etc:${EPREFIX}/etc:g" \ + "${ED}"/etc/wgetrc \ + "${ED}"/usr/share/man/man1/wget.1 \ + "${ED}"/usr/share/info/wget.info \ + || die +}
