From fbbf0ee3d56a6fd27adf182c6907dc745623aeaa Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 10 Aug 2024 11:05:14 +0100 Subject: gentoo auto-resync : 10:08:2024 - 11:05:14 --- net-nntp/Manifest.gz | Bin 1373 -> 1376 bytes net-nntp/nzbget/Manifest | 3 + ...bget-24.2-fix-getrealpath-buffer-overflow.patch | 174 +++++++++++++++++++++ net-nntp/nzbget/nzbget-24.2.ebuild | 117 ++++++++++++++ 4 files changed, 294 insertions(+) create mode 100644 net-nntp/nzbget/files/nzbget-24.2-fix-getrealpath-buffer-overflow.patch create mode 100644 net-nntp/nzbget/nzbget-24.2.ebuild (limited to 'net-nntp') diff --git a/net-nntp/Manifest.gz b/net-nntp/Manifest.gz index 048962eb3848..cedbef45864d 100644 Binary files a/net-nntp/Manifest.gz and b/net-nntp/Manifest.gz differ diff --git a/net-nntp/nzbget/Manifest b/net-nntp/nzbget/Manifest index 46020facf5c0..9d09227b1ae9 100644 --- a/net-nntp/nzbget/Manifest +++ b/net-nntp/nzbget/Manifest @@ -1,11 +1,14 @@ AUX nzbget-21.1-openssl-3.patch 943 BLAKE2B 7a66602312169f985f869e0d5cc4b64fd735ed276be3ae3d745715cf4c7d098947c0ea786412594f2240eef20be58332d0481e6221bb3fda723c2aebf67c1430 SHA512 5d5f47088560d7835cf8f8d2fd39aae2d591a12b5d6f9182f433eb72857343b532125a33b4206048343afe159660689f403201fe8f2e2ad1b732f3f8539677d3 AUX nzbget-24.1-fix-allocah.patch 1769 BLAKE2B 66f27fd204df17ba1d2ef8d4f0e6785b3b121ac14ed24d472d4b27c1617467e35c1e60221a5008e045ad591b8c8e8de6469696fffcabe836ca72456a15890369 SHA512 28b8ca9e35dc3f76eff7962c9747cc32b450bbb83dc1def2cd99b52d3aab87988cb0c4de75df45b4b7a06f935538fc46dcae2ba5306a18b651352bc4c2c1e05a +AUX nzbget-24.2-fix-getrealpath-buffer-overflow.patch 5904 BLAKE2B 15f22d7646b57e4a0b3bef74895e005b63c4bfb30398073581547ecb130b575403c3a4e9063241379e425cee400d03b5c977d77d9d0b462f1b32c64cb27af07f SHA512 7c5d0490a6d0ec154ffddaa80152b3d7abfcedd1f8e3c37cdd203912e9c8e8e8147d2d78e9adc19bfc786bdc66923144969498b29888f31ff6a919f9376972eb AUX nzbget.confd 337 BLAKE2B 4986f3c00019f8f2d0c3d71f9d623186823748722dc4c8aea82ef39b57cebc079247ce5aaa14f1fd844a3c94931f53c1af7ce015e2b4ba68973367c6b708e0e3 SHA512 0f9a0d62ac6ea35703ebd64ec68057596d63fd5957afa2d3bcd18b4e8db4b24e78d060dc36cf90dbd2f604b4c6f107fb8e59ff779b6865cd362e71a0666d6c56 AUX nzbget.initd-r1 742 BLAKE2B eef074b7e25cd085b92850892ee8917772451b0f58a7f7c3b96c55bcdb115cc99d12e0569f59cc546f9655460230e5f29a82c4d749a654e2019e7c06651c165a SHA512 df4965d25a221c033586da85596584a712bc5c5d9c2e0950850f96fa872f29a04571649e7add504d9fe8be3639654e5653a766a6accf4dea344ca771088b432a AUX nzbget.service 466 BLAKE2B 928ff8fd5f48b9190324ccaa98f1215aa35e30eb9959278fe2b9d77f175ee97a28e0efe3ac034ceb2da023c9d7737aa3f803861489284578412559e257700003 SHA512 5a59562580596bc5524086dcb2b2550b242a5f62750fd42a5b2e9ecb786b40107a21fcab7496d0cd396434da7ed3ee5d1046059d94f5f2bcb76ad496862d19e1 DIST nzbget-21.1.tar.gz 1988916 BLAKE2B 74298c5c7f3986831f36832a8ffe596543196b5b46500925de478bf11cab8e66fb36dee9458533a4194d82123765b29e37914463d72fd206e218b4875861001a SHA512 d8dc1ad324f675c5505e623049a14c022475267aa03dcd5d8fd6cf9ed3b776cc2776077b61d035e252937ea4b6bf8f90bd33e715cfd842d2e012615df3ffeafb DIST nzbget-24.1.tar.gz 5365282 BLAKE2B 4fe260c361888d99eaf457a520b39560320b86d181cd12891b35962c9d4c6d773aeb389bf2254029fc58643bb5b04eb24917db9319f1a1068014feed08521dde SHA512 eb4a60cb3a529e2fb8242615e57758ceed615a573fabbe7170490e7af8c228edc90a096860ab7cf49ee85fc834cb8db30aa866c4f149679396139e54c166cf5c +DIST nzbget-24.2.tar.gz 5512752 BLAKE2B ef4c6e562976030b790a93747d11d6b7059be7cb8bc9076068c037a0e8d25f09054ff280417b52f534af50aec0f11cd21959f995ae8252a21ea274aa7efdfc84 SHA512 ad280315f9a60bf206a134e3703337af2e2dfb8282dd5efc55af071f82f5f7e7857f819dd843f6ae70cd7fcea2c84de4db535d7658fb5255a380ffcf685a680f EBUILD nzbget-21.1-r1.ebuild 2445 BLAKE2B 3caa46ddd86a962d8627826e98bc8c2444598392c08e2f883ce7b1bdc3bf3054464bbb3eba1ba057ed807244a5f805a9ce0bd607ebf454b23cdbe91c9d5d5fac SHA512 1e983dd0db364d347a8745ce8d37f14f944cb62be57a4452a4df211c85d5c8bce0e14f16861cf5429d2de75b108dcbbf5f34118376bf69b77b2b25293fad4685 EBUILD nzbget-21.1-r2.ebuild 2581 BLAKE2B 6f09eb6471326471b3c3110b7b4df5b8ea5e09f6655fdaab11b9621033644cedf299b46902001ca76f70490a5b33e9d4c0ac4c63a4156f030ee96b4085e3094a SHA512 b78cc4a774e86f386ae0d61d09f650998257f2e918ae60e1f5f02dd31300dad78cb53229d3552fc997a21aafcdc8028e8da0bd79bc06a8f5ad6df7c4f0fe24a8 EBUILD nzbget-24.1.ebuild 2566 BLAKE2B f4c8f8c04fe7bee5422868641586b45fd5f21ab785f2065d197b96b7630d4b595b6d15aebf3f1d10c0fb4132bd7e38706b3d286959d8e92fc3ea4a3ad0a71038 SHA512 e9643c4e08631815380427fe7f25f90902112461ffeddcf4b6f017014bff8cbf4379c651a9e70549f8a07375a55e91a62505381b38f6b8d4ffd7e5efe250b134 +EBUILD nzbget-24.2.ebuild 2807 BLAKE2B 38a27e2d5cce8413662eaefa5573d0b4d1d403d4288ff96ee6d098617a17916064811fe4c6a76dc4bb461c6b55cf02eb688fc9ded9fb999b24238f988c99c546 SHA512 c094b9f1533b4e1b80bcbb993a3f2f5200271a45c52e950d5b96d75a8f1ebf94ef5fa651a2eca1a4139023ffed4c4b5fb578c4290d45dde367165046c981fa9a MISC metadata.xml 586 BLAKE2B 462398c1c6fe7417d36ead5304ba425c9edb034b095dabbfceade1dd8f892c3c1f09eef71b466f49ef2e9599d395b822e264101f181b04f9e33793a89d36529e SHA512 2acf6e839312db5cc6de6c76effe9c40805b976e3421e51a2e3a1deb12f05fb5ed5eb0da37aec17f42debcd38420877c861a30570a9f04325ac8c8ad83bdb56f diff --git a/net-nntp/nzbget/files/nzbget-24.2-fix-getrealpath-buffer-overflow.patch b/net-nntp/nzbget/files/nzbget-24.2-fix-getrealpath-buffer-overflow.patch new file mode 100644 index 000000000000..fcaeb9a5c2d6 --- /dev/null +++ b/net-nntp/nzbget/files/nzbget-24.2-fix-getrealpath-buffer-overflow.patch @@ -0,0 +1,174 @@ +https://github.com/nzbgetcom/nzbget/commit/f89978f7479cbb0ff2f96c8632d9d2f31834e6c8 + +From f89978f7479cbb0ff2f96c8632d9d2f31834e6c8 Mon Sep 17 00:00:00 2001 +From: Denis <146707790+dnzbk@users.noreply.github.com> +Date: Wed, 7 Aug 2024 11:54:33 -0700 +Subject: [PATCH] Fixed: buffer overflow using getrealpath function (#346) + +- use a safer approach of using `getrealpath` according to the [doc](https://man7.org/linux/man-pages/man3/realpath.3.html) +- using `std::string_view` instead of `std::string&` for better performance +- improved `SystemInfoTest` to make it more flexible +--- a/daemon/util/FileSystem.cpp ++++ b/daemon/util/FileSystem.cpp +@@ -56,20 +56,21 @@ void FileSystem::NormalizePathSeparators(char* path) + } + } + +-std::optional FileSystem::GetFileRealPath(const std::string& path) ++std::optional FileSystem::GetFileRealPath(std::string_view path) + { +- char buffer[256]; +- + #ifdef WIN32 +- DWORD len = GetFullPathName(path.c_str(), 256, buffer, nullptr); ++ char buffer[MAX_PATH]; ++ DWORD len = GetFullPathName(path.data(), MAX_PATH, buffer, nullptr); + if (len != 0) + { +- return std::optional{ buffer }; ++ return std::optional{ buffer }; + } + #else +- if (realpath(path.c_str(), buffer) != nullptr) ++ if (char* realPath = realpath(path.data(), nullptr)) + { +- return std::optional{ buffer }; ++ std::string res = realPath; ++ free(realPath); ++ return std::optional(std::move(res)); + } + #endif + +--- a/daemon/util/FileSystem.h ++++ b/daemon/util/FileSystem.h +@@ -40,7 +40,7 @@ class FileSystem + static char* BaseFileName(const char* filename); + static bool SameFilename(const char* filename1, const char* filename2); + static void NormalizePathSeparators(char* path); +- static std::optional GetFileRealPath(const std::string& path); ++ static std::optional GetFileRealPath(std::string_view path); + static bool LoadFileIntoBuffer(const char* filename, CharBuffer& buffer, bool addTrailingNull); + static bool SaveBufferIntoFile(const char* filename, const char* buffer, int bufLen); + static bool AllocateFile(const char* filename, int64 size, bool sparse, CString& errmsg); +--- a/tests/system/SystemInfoTest.cpp ++++ b/tests/system/SystemInfoTest.cpp +@@ -28,22 +28,22 @@ + #include "Log.h" + #include "DiskState.h" + +-Log* g_Log = new Log(); ++Log* g_Log; + Options* g_Options; + DiskState* g_DiskState; + +-std::string GetToolsJsonStr(const std::vector tools) ++std::string GetToolsJsonStr(const std::vector& tools) + { + std::string json = "\"Tools\":["; + + for (size_t i = 0; i < tools.size(); ++i) + { + std::string path = tools[i].path; +- for (size_t i = 0; i < path.length(); ++i) { +- if (path[i] == '\\') ++ for (size_t j = 0; j < path.length(); ++j) { ++ if (path[j] == '\\') + { +- path.insert(i, "\\"); +- ++i; ++ path.insert(j, "\\"); ++ ++j; + } + } + +@@ -62,7 +62,7 @@ std::string GetToolsJsonStr(const std::vector tools) + return json; + } + +-std::string GetLibrariesJsonStr(const std::vector libs) ++std::string GetLibrariesJsonStr(const std::vector& libs) + { + std::string json = "\"Libraries\":["; + +@@ -82,7 +82,7 @@ std::string GetLibrariesJsonStr(const std::vector libs) + return json; + } + +-std::string GetToolsXmlStr(const std::vector tools) ++std::string GetToolsXmlStr(const std::vector& tools) + { + std::string xml = ""; + +@@ -110,7 +110,7 @@ std::string GetToolsXmlStr(const std::vector tools) + return xml; + } + +-std::string GetLibrariesXmlStr(const std::vector libs) ++std::string GetLibrariesXmlStr(const std::vector& libs) + { + std::string xml = ""; + +@@ -126,13 +126,32 @@ std::string GetLibrariesXmlStr(const std::vector libs) + return xml; + } + ++std::string GetNetworkXmlStr(const System::Network& network) ++{ ++ std::string res = ""; ++ res += network.publicIP.empty() ++ ? "PublicIP" ++ : "PublicIP" + network.publicIP + ""; ++ ++ res += network.privateIP.empty() ++ ? "PrivateIP" ++ : "PrivateIP" + network.privateIP + ""; ++ ++ res += ""; ++ return res; ++} ++ + BOOST_AUTO_TEST_CASE(SystemInfoTest) + { +- BOOST_CHECK(0 == 0); ++ Log log; ++ DiskState ds; + Options::CmdOptList cmdOpts; + cmdOpts.push_back("SevenZipCmd=7z"); + cmdOpts.push_back("UnrarCmd=unrar"); + Options options(&cmdOpts, nullptr); ++ ++ g_Log = &log; ++ g_DiskState = &ds; + g_Options = &options; + + auto sysInfo = std::make_unique(); +@@ -157,14 +176,25 @@ BOOST_AUTO_TEST_CASE(SystemInfoTest) + "" + + "Arch" + sysInfo->GetCPUInfo().GetArch() + + "" + +- "PublicIP" + sysInfo->GetNetworkInfo().publicIP + +- "" +- "PrivateIP" + sysInfo->GetNetworkInfo().privateIP + +- "" + ++ GetNetworkXmlStr(sysInfo->GetNetworkInfo()) + + GetToolsXmlStr(sysInfo->GetTools()) + + GetLibrariesXmlStr(sysInfo->GetLibraries()) + + ""; + ++ BOOST_TEST_MESSAGE("EXPECTED JSON STR: "); ++ BOOST_TEST_MESSAGE(jsonStrExpected); ++ ++ BOOST_TEST_MESSAGE("RESULT JSON STR: "); ++ BOOST_TEST_MESSAGE(jsonStrResult); ++ ++ BOOST_TEST_MESSAGE("EXPECTED XML STR: "); ++ BOOST_TEST_MESSAGE(xmlStrExpected); ++ ++ BOOST_TEST_MESSAGE("RESULT XML STR: "); ++ BOOST_TEST_MESSAGE(xmlStrResult); ++ + BOOST_CHECK(jsonStrResult == jsonStrExpected); + BOOST_CHECK(xmlStrResult == xmlStrExpected); ++ ++ xmlCleanupParser(); + } diff --git a/net-nntp/nzbget/nzbget-24.2.ebuild b/net-nntp/nzbget/nzbget-24.2.ebuild new file mode 100644 index 000000000000..61ab9a26e4e2 --- /dev/null +++ b/net-nntp/nzbget/nzbget-24.2.ebuild @@ -0,0 +1,117 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit cmake systemd + +DESCRIPTION="A command-line based binary newsgrabber supporting .nzb files" +HOMEPAGE="https://nzbget.com/" +SRC_URI="https://github.com/nzbgetcom/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86" +IUSE="gnutls ncurses +parcheck ssl test zlib" +RESTRICT="!test? ( test )" + +DEPEND=" + dev-libs/boost:= + dev-libs/libxml2:= + ncurses? ( sys-libs/ncurses:0= ) + ssl? ( + gnutls? ( + net-libs/gnutls:= + dev-libs/nettle:= + ) + !gnutls? ( dev-libs/openssl:0=[-bindist(-)] ) + ) + zlib? ( sys-libs/zlib:= )" +RDEPEND=" + ${DEPEND} + acct-user/nzbget + acct-group/nzbget +" +BDEPEND=" + test? ( + || ( + app-arch/rar + app-arch/unrar + ) + ) + virtual/pkgconfig +" + +DOCS=( ChangeLog.md README.md nzbget.conf ) + +PATCHES=( + "${FILESDIR}/${P}-fix-getrealpath-buffer-overflow.patch" +) + +src_prepare() { + cmake_src_prepare + + # Update the main configuration file with the correct paths + sed -i nzbget.conf \ + -e "s:^WebDir=.*:WebDir=${EPREFIX}/usr/share/nzbget/webui:" \ + -e "s:^ConfigTemplate=.*:ConfigTemplate=${EPREFIX}/usr/share/nzbget/nzbget.conf:" \ + || die + # Update the daemon-specific configuration file (used by the OpenRC and + # systemd services) + sed nzbget.conf > nzbgetd.conf \ + -e "s:^MainDir=.*:MainDir=${EPREFIX}/var/lib/nzbget:" \ + -e "s:^LogFile=.*:LogFile=${EPREFIX}/var/log/nzbget/nzbget.log:" \ + -e 's:^DaemonUsername=.*:DaemonUsername=nzbget:' \ + || die +} + +src_configure() { + local mycmakeargs=( + -DDISABLE_CURSES=$(usex !ncurses) + -DDISABLE_PARCHECK=$(usex !parcheck) + -DDISABLE_TLS=$(usex !ssl) + -DDISABLE_GZIP=$(usex !zlib) + -DUSE_OPENSSL=$(usex !gnutls) + -DUSE_GNUTLS=$(usex gnutls) + -DENABLE_TESTS=$(usex test) + ) + cmake_src_configure +} + +src_install() { + cmake_src_install + + insinto /etc + doins nzbget.conf + doins nzbgetd.conf + + # The configuration file's "ConfigTemplate" option points to this, we must + # make sure it exists as the Web UI reads it. It is not installed by + # default, see the "install-conf" target in cmake/install.cmake. + insinto /usr/share/nzbget + doins nzbget.conf + + keepdir /var/log/nzbget + + newinitd "${FILESDIR}"/nzbget.initd-r1 nzbget + newconfd "${FILESDIR}"/nzbget.confd nzbget + systemd_dounit "${FILESDIR}"/nzbget.service +} + +pkg_preinst() { + fowners nzbget:nzbget /var/log/nzbget + fperms 750 /var/log/nzbget + + fowners nzbget:nzbget /etc/nzbgetd.conf + fperms 640 /etc/nzbgetd.conf +} + +pkg_postinst() { + if [[ -z ${REPLACING_VERSIONS} ]] ; then + elog + elog "Please add users that you want to be able to use the system-wide" + elog "nzbget daemon to the nzbget group. To access the daemon, run nzbget" + elog "with the --configfile /etc/nzbgetd.conf option." + elog + fi +} -- cgit v1.2.3