Diffstat (limited to 'net-nntp')
-rw-r--r-- | net-nntp/nzbget/Manifest | 1 | ||||
-rw-r--r-- | net-nntp/nzbget/files/nzbget-24.2-fix-getrealpath-buffer-overflow.patch | 174 | ||||
-rw-r--r-- | net-nntp/nzbget/nzbget-24.2.ebuild | 117 |
3 files changed, 292 insertions, 0 deletions
diff --git a/net-nntp/nzbget/Manifest b/net-nntp/nzbget/Manifest
index 059d1d38d04c..a14970625b51 100644
--- a/net-nntp/nzbget/Manifest
+++ b/net-nntp/nzbget/Manifest
@@ -1,2 +1,3 @@
 DIST nzbget-21.1.tar.gz 1988916 BLAKE2B 74298c5c7f3986831f36832a8ffe596543196b5b46500925de478bf11cab8e66fb36dee9458533a4194d82123765b29e37914463d72fd206e218b4875861001a SHA512 d8dc1ad324f675c5505e623049a14c022475267aa03dcd5d8fd6cf9ed3b776cc2776077b61d035e252937ea4b6bf8f90bd33e715cfd842d2e012615df3ffeafb
 DIST nzbget-24.1.tar.gz 5365282 BLAKE2B 4fe260c361888d99eaf457a520b39560320b86d181cd12891b35962c9d4c6d773aeb389bf2254029fc58643bb5b04eb24917db9319f1a1068014feed08521dde SHA512 eb4a60cb3a529e2fb8242615e57758ceed615a573fabbe7170490e7af8c228edc90a096860ab7cf49ee85fc834cb8db30aa866c4f149679396139e54c166cf5c
+DIST nzbget-24.2.tar.gz 5512752 BLAKE2B ef4c6e562976030b790a93747d11d6b7059be7cb8bc9076068c037a0e8d25f09054ff280417b52f534af50aec0f11cd21959f995ae8252a21ea274aa7efdfc84 SHA512 ad280315f9a60bf206a134e3703337af2e2dfb8282dd5efc55af071f82f5f7e7857f819dd843f6ae70cd7fcea2c84de4db535d7658fb5255a380ffcf685a680f
diff --git a/net-nntp/nzbget/files/nzbget-24.2-fix-getrealpath-buffer-overflow.patch b/net-nntp/nzbget/files/nzbget-24.2-fix-getrealpath-buffer-overflow.patch
new file mode 100644
index 000000000000..fcaeb9a5c2d6
--- /dev/null
+++ b/net-nntp/nzbget/files/nzbget-24.2-fix-getrealpath-buffer-overflow.patch
@@ -0,0 +1,174 @@
+https://github.com/nzbgetcom/nzbget/commit/f89978f7479cbb0ff2f96c8632d9d2f31834e6c8
+
+From f89978f7479cbb0ff2f96c8632d9d2f31834e6c8 Mon Sep 17 00:00:00 2001
+From: Denis <146707790+dnzbk@users.noreply.github.com>
+Date: Wed, 7 Aug 2024 11:54:33 -0700
+Subject: [PATCH] Fixed: buffer overflow using getrealpath function (#346)
+
+- use a safer approach of using `getrealpath` according to the [doc](https://man7.org/linux/man-pages/man3/realpath.3.html)
+- using `std::string_view` instead of `std::string&` for better performance
+- improved `SystemInfoTest` to make it more flexible
+--- a/daemon/util/FileSystem.cpp
++++ b/daemon/util/FileSystem.cpp
+@@ -56,20 +56,21 @@ void FileSystem::NormalizePathSeparators(char* path)
+ }
+ }
+
+-std::optional<std::string> FileSystem::GetFileRealPath(const std::string& path)
++std::optional<std::string> FileSystem::GetFileRealPath(std::string_view path)
+ {
+- char buffer[256];
+-
+ #ifdef WIN32
+- DWORD len = GetFullPathName(path.c_str(), 256, buffer, nullptr);
++ char buffer[MAX_PATH];
++ DWORD len = GetFullPathName(path.data(), MAX_PATH, buffer, nullptr);
+ if (len != 0)
+ {
+- return std::optional<std::string>{ buffer };
++ return std::optional{ buffer };
+ }
+ #else
+- if (realpath(path.c_str(), buffer) != nullptr)
++ if (char* realPath = realpath(path.data(), nullptr))
+ {
+- return std::optional<std::string>{ buffer };
++ std::string res = realPath;
++ free(realPath);
++ return std::optional(std::move(res));
+ }
+ #endif
+
+--- a/daemon/util/FileSystem.h
++++ b/daemon/util/FileSystem.h
+@@ -40,7 +40,7 @@ class FileSystem
+ static char* BaseFileName(const char* filename);
+ static bool SameFilename(const char* filename1, const char* filename2);
+ static void NormalizePathSeparators(char* path);
+- static std::optional<std::string> GetFileRealPath(const std::string& path);
++ static std::optional<std::string> GetFileRealPath(std::string_view path);
+ static bool LoadFileIntoBuffer(const char* filename, CharBuffer& buffer, bool addTrailingNull);
+ static bool SaveBufferIntoFile(const char* filename, const char* buffer, int bufLen);
+ static bool AllocateFile(const char* filename, int64 size, bool sparse, CString& errmsg);
+--- a/tests/system/SystemInfoTest.cpp
++++ b/tests/system/SystemInfoTest.cpp
+@@ -28,22 +28,22 @@
+ #include "Log.h"
+ #include "DiskState.h"
+
+-Log* g_Log = new Log();
++Log* g_Log;
+ Options* g_Options;
+ DiskState* g_DiskState;
+
+-std::string GetToolsJsonStr(const std::vector<System::Tool> tools)
++std::string GetToolsJsonStr(const std::vector<System::Tool>& tools)
+ {
+ std::string json = "\"Tools\":[";
+
+ for (size_t i = 0; i < tools.size(); ++i)
+ {
+ std::string path = tools[i].path;
+- for (size_t i = 0; i < path.length(); ++i) {
+- if (path[i] == '\\')
++ for (size_t j = 0; j < path.length(); ++j) {
++ if (path[j] == '\\')
+ {
+- path.insert(i, "\\");
+- ++i;
++ path.insert(j, "\\");
++ ++j;
+ }
+ }
+
+@@ -62,7 +62,7 @@ std::string GetToolsJsonStr(const std::vector<System::Tool> tools)
+ return json;
+ }
+
+-std::string GetLibrariesJsonStr(const std::vector<System::Library> libs)
++std::string GetLibrariesJsonStr(const std::vector<System::Library>& libs)
+ {
+ std::string json = "\"Libraries\":[";
+
+@@ -82,7 +82,7 @@ std::string GetLibrariesJsonStr(const std::vector<System::Library> libs)
+ return json;
+ }
+
+-std::string GetToolsXmlStr(const std::vector<System::Tool> tools)
++std::string GetToolsXmlStr(const std::vector<System::Tool>& tools)
+ {
+ std::string xml = "<Tools>";
+
+@@ -110,7 +110,7 @@ std::string GetToolsXmlStr(const std::vector<System::Tool> tools)
+ return xml;
+ }
+
+-std::string GetLibrariesXmlStr(const std::vector<System::Library> libs)
++std::string GetLibrariesXmlStr(const std::vector<System::Library>& libs)
+ {
+ std::string xml = "<Libraries>";
+
+@@ -126,13 +126,32 @@ std::string GetLibrariesXmlStr(const std::vector<System::Library> libs)
+ return xml;
+ }
+
++std::string GetNetworkXmlStr(const System::Network& network)
++{
++ std::string res = "<Network>";
++ res += network.publicIP.empty()
++ ? "<member><name>PublicIP</name><value><string/></value></member>"
++ : "<member><name>PublicIP</name><value><string>" + network.publicIP + "</string></value></member>";
++
++ res += network.privateIP.empty()
++ ? "<member><name>PrivateIP</name><value><string/></value></member>"
++ : "<member><name>PrivateIP</name><value><string>" + network.privateIP + "</string></value></member>";
++
++ res += "</Network>";
++ return res;
++}
++
+ BOOST_AUTO_TEST_CASE(SystemInfoTest)
+ {
+- BOOST_CHECK(0 == 0);
++ Log log;
++ DiskState ds;
+ Options::CmdOptList cmdOpts;
+ cmdOpts.push_back("SevenZipCmd=7z");
+ cmdOpts.push_back("UnrarCmd=unrar");
+ Options options(&cmdOpts, nullptr);
++
++ g_Log = &log;
++ g_DiskState = &ds;
+ g_Options = &options;
+
+ auto sysInfo = std::make_unique<System::SystemInfo>();
+@@ -157,14 +176,25 @@ BOOST_AUTO_TEST_CASE(SystemInfoTest)
+ "</string></value></member>" +
+ "<member><name>Arch</name><value><string>" + sysInfo->GetCPUInfo().GetArch() +
+ "</string></value></member></CPU>" +
+- "<Network><member><name>PublicIP</name><value><string>" + sysInfo->GetNetworkInfo().publicIP +
+- "</string></value></member>"
+- "<member><name>PrivateIP</name><value><string>" + sysInfo->GetNetworkInfo().privateIP +
+- "</string></value></member></Network>" +
++ GetNetworkXmlStr(sysInfo->GetNetworkInfo()) +
+ GetToolsXmlStr(sysInfo->GetTools()) +
+ GetLibrariesXmlStr(sysInfo->GetLibraries()) +
+ "</struct></value>";
+
++ BOOST_TEST_MESSAGE("EXPECTED JSON STR: ");
++ BOOST_TEST_MESSAGE(jsonStrExpected);
++
++ BOOST_TEST_MESSAGE("RESULT JSON STR: ");
++ BOOST_TEST_MESSAGE(jsonStrResult);
++
++ BOOST_TEST_MESSAGE("EXPECTED XML STR: ");
++ BOOST_TEST_MESSAGE(xmlStrExpected);
++
++ BOOST_TEST_MESSAGE("RESULT XML STR: ");
++ BOOST_TEST_MESSAGE(xmlStrResult);
++
+ BOOST_CHECK(jsonStrResult == jsonStrExpected);
+ BOOST_CHECK(xmlStrResult == xmlStrExpected);
++
++ xmlCleanupParser();
+ }
diff --git a/net-nntp/nzbget/nzbget-24.2.ebuild b/net-nntp/nzbget/nzbget-24.2.ebuild
new file mode 100644
index 000000000000..61ab9a26e4e2
--- /dev/null
+++ b/net-nntp/nzbget/nzbget-24.2.ebuild
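Review bot: In the FileSystem.cpp part of the carried patch, `GetFileRealPath` now takes a `std::string_view` but passes `path.data()` to `realpath()` and `GetFullPathName()`, which both read up to a NUL byte, so a view over a substring or an unterminated buffer would be read past its end. Keeping the `realpath(..., nullptr)` fix but copying the argument first, `const std::string p{path};` then `realpath(p.c_str(), nullptr)`, removes the reliance on every caller passing a terminated string. The WIN32 branch accepts any non-zero return, although `GetFullPathName` returns the required size when the buffer is too small, so `if (len != 0 && len < MAX_PATH)` is the safer test. The callers are not visible in this patch, so whether an unterminated view ever reaches the function is unconfirmed; as the patch mirrors upstream commit f89978f, the change belongs upstream.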
@@ -0,0 +1,117 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake systemd
+
+DESCRIPTION="A command-line based binary newsgrabber supporting .nzb files"
+HOMEPAGE="https://nzbget.com/"
+SRC_URI="https://github.com/nzbgetcom/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86"
+IUSE="gnutls ncurses +parcheck ssl test zlib"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ dev-libs/boost:=
+ dev-libs/libxml2:=
+ ncurses? ( sys-libs/ncurses:0= )
+ ssl? (
+ gnutls? (
+ net-libs/gnutls:=
+ dev-libs/nettle:=
+ )
+ !gnutls? ( dev-libs/openssl:0=[-bindist(-)] )
+ )
+ zlib? ( sys-libs/zlib:= )"
+RDEPEND="
+ ${DEPEND}
+ acct-user/nzbget
+ acct-group/nzbget
+"
+BDEPEND="
+ test? (
+ || (
+ app-arch/rar
+ app-arch/unrar
+ )
+ )
+ virtual/pkgconfig
+"
+
+DOCS=( ChangeLog.md README.md nzbget.conf )
+
+PATCHES=(
+ "${FILESDIR}/${P}-fix-getrealpath-buffer-overflow.patch"
+)
+
+src_prepare() {
+ cmake_src_prepare
+
+ # Update the main configuration file with the correct paths
+ sed -i nzbget.conf \
+ -e "s:^WebDir=.*:WebDir=${EPREFIX}/usr/share/nzbget/webui:" \
+ -e "s:^ConfigTemplate=.*:ConfigTemplate=${EPREFIX}/usr/share/nzbget/nzbget.conf:" \
+ || die
+ # Update the daemon-specific configuration file (used by the OpenRC and
+ # systemd services)
+ sed nzbget.conf > nzbgetd.conf \
+ -e "s:^MainDir=.*:MainDir=${EPREFIX}/var/lib/nzbget:" \
+ -e "s:^LogFile=.*:LogFile=${EPREFIX}/var/log/nzbget/nzbget.log:" \
+ -e 's:^DaemonUsername=.*:DaemonUsername=nzbget:' \
+ || die
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DDISABLE_CURSES=$(usex !ncurses)
+ -DDISABLE_PARCHECK=$(usex !parcheck)
+ -DDISABLE_TLS=$(usex !ssl)
+ -DDISABLE_GZIP=$(usex !zlib)
+ -DUSE_OPENSSL=$(usex !gnutls)
+ -DUSE_GNUTLS=$(usex gnutls)
+ -DENABLE_TESTS=$(usex test)
+ )
+ cmake_src_configure
+}
+
+src_install() {
+ cmake_src_install
+
+ insinto /etc
+ doins nzbget.conf
+ doins nzbgetd.conf
+
+ # The configuration file's "ConfigTemplate" option points to this, we must
+ # make sure it exists as the Web UI reads it. It is not installed by
+ # default, see the "install-conf" target in cmake/install.cmake.
+ insinto /usr/share/nzbget
+ doins nzbget.conf
+
+ keepdir /var/log/nzbget
+
+ newinitd "${FILESDIR}"/nzbget.initd-r1 nzbget
+ newconfd "${FILESDIR}"/nzbget.confd nzbget
+ systemd_dounit "${FILESDIR}"/nzbget.service
+}
+
+pkg_preinst() {
+ fowners nzbget:nzbget /var/log/nzbget
+ fperms 750 /var/log/nzbget
+
+ fowners nzbget:nzbget /etc/nzbgetd.conf
+ fperms 640 /etc/nzbgetd.conf
+}
+
+pkg_postinst() {
+ if [[ -z ${REPLACING_VERSIONS} ]] ; then
+ elog
+ elog "Please add users that you want to be able to use the system-wide"
+ elog "nzbget daemon to the nzbget group. To access the daemon, run nzbget"
+ elog "with the --configfile /etc/nzbgetd.conf option."
+ elog
+ fi
+}
|