-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
net-p2p/rtorrent: Resolve overflow issue on hardened build
Closes: https://bugs.gentoo.org/891995 Signed-off-by: Stephen Shkardoon <ss23@ss23.geek.nz> Closes: #29834 Signed-off-by: Sam James <sam@gentoo.org>
- Loading branch information
1 parent
77a1c25
commit ee49853
Showing
2 changed files
with
101 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
https://bugs.gentoo.org/891995 | ||
https://github.com/rakshasa/rtorrent/issues/1205 | ||
https://github.com/rakshasa/rtorrent/pull/1169 | ||
|
||
From 812bba81bc049a5f786282b3654cab294b0ef236 Mon Sep 17 00:00:00 2001 | ||
From: Aleksa Sarai <cyphar@cyphar.com> | ||
Date: Mon, 20 Jun 2022 19:09:57 +1000 | ||
Subject: [PATCH] utils: lockfile: avoid stack overflow for lockfile buffer | ||
|
||
There appears to have been some change on openSUSE (likely some new | ||
hardening flags for builds, or some glibc hardening) such that incorrect | ||
buffer handling results in a segfault even if the buffer is never | ||
overflowed. | ||
|
||
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> | ||
--- a/src/utils/lockfile.cc | ||
+++ b/src/utils/lockfile.cc | ||
@@ -98,7 +98,8 @@ Lockfile::try_lock() { | ||
int pos = ::gethostname(buf, 255); | ||
|
||
if (pos == 0) { | ||
- ::snprintf(buf + std::strlen(buf), 255, ":+%i\n", ::getpid()); | ||
+ ssize_t len = std::strlen(buf); | ||
+ ::snprintf(buf + len, 255 - len, ":+%i\n", ::getpid()); | ||
int __UNUSED result = ::write(fd, buf, std::strlen(buf)); | ||
} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
# Copyright 1999-2023 Gentoo Authors | ||
# Distributed under the terms of the GNU General Public License v2 | ||
|
||
EAPI=8 | ||
|
||
inherit autotools linux-info systemd | ||
|
||
DESCRIPTION="BitTorrent Client using libtorrent" | ||
HOMEPAGE="https://rakshasa.github.io/rtorrent/" | ||
SRC_URI="http://rtorrent.net/downloads/${P}.tar.gz" | ||
|
||
LICENSE="GPL-2" | ||
SLOT="0" | ||
KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~x64-solaris" | ||
IUSE="debug selinux test xmlrpc" | ||
RESTRICT="!test? ( test )" | ||
|
||
COMMON_DEPEND="~net-libs/libtorrent-0.13.${PV##*.} | ||
>=net-misc/curl-7.19.1 | ||
sys-libs/ncurses:0= | ||
xmlrpc? ( dev-libs/xmlrpc-c:= )" | ||
RDEPEND="${COMMON_DEPEND} | ||
selinux? ( sec-policy/selinux-rtorrent ) | ||
" | ||
DEPEND="${COMMON_DEPEND} | ||
dev-util/cppunit | ||
virtual/pkgconfig" | ||
|
||
DOCS=( doc/rtorrent.rc ) | ||
|
||
PATCHES=( | ||
"${FILESDIR}/${P}-bgo891995.patch" | ||
) | ||
|
||
pkg_setup() { | ||
if ! linux_config_exists || ! linux_chkconfig_present IPV6; then | ||
ewarn "rtorrent will not start without IPv6 support in your kernel" | ||
ewarn "without further configuration. Please set bind=0.0.0.0 or" | ||
ewarn "similar in your rtorrent.rc" | ||
ewarn "Upstream bug: https://github.com/rakshasa/rtorrent/issues/732" | ||
fi | ||
} | ||
|
||
src_prepare() { | ||
default | ||
|
||
# https://github.com/rakshasa/rtorrent/issues/332 | ||
cp "${FILESDIR}"/rtorrent.1 "${S}"/doc/ || die | ||
|
||
if [[ ${CHOST} != *-darwin* ]]; then | ||
# syslibroot is only for macos, change to sysroot for others | ||
sed -i 's/Wl,-syslibroot,/Wl,--sysroot,/' "${S}/scripts/common.m4" || die | ||
fi | ||
|
||
eautoreconf | ||
} | ||
|
||
src_configure() { | ||
default | ||
|
||
# configure needs bash or script bombs out on some null shift, bug #291229 | ||
CONFIG_SHELL=${BASH} econf \ | ||
$(use_enable debug) \ | ||
$(use_with xmlrpc xmlrpc-c) | ||
} | ||
|
||
src_install() { | ||
default | ||
doman doc/rtorrent.1 | ||
|
||
newinitd "${FILESDIR}/rtorrent-r1.init" rtorrent | ||
newconfd "${FILESDIR}/rtorrentd.conf" rtorrent | ||
systemd_newunit "${FILESDIR}/rtorrentd_at-r1.service" "rtorrentd@.service" | ||
} |