diff options
author | Ben de Groot <yngwin@gentoo.org> | 2009-06-28 00:02:56 +0000 |
---|---|---|
committer | Ben de Groot <yngwin@gentoo.org> | 2009-06-28 00:02:56 +0000 |
commit | 7089c117450428d8f426d187a296a1e5a9911754 (patch) | |
tree | 1ef14d3203436bb9269c9be06bbf344a3000aa62 /net-libs | |
parent | Bug #275649: version bump. (diff) | |
download | gentoo-2-7089c117450428d8f426d187a296a1e5a9911754.tar.gz gentoo-2-7089c117450428d8f426d187a296a1e5a9911754.tar.bz2 gentoo-2-7089c117450428d8f426d187a296a1e5a9911754.zip |
Cleanup, add 0.13-r1 with security fix for bug 273156, various other fixes
(Portage version: 2.2_rc33/cvs/Linux x86_64)
Diffstat (limited to 'net-libs')
10 files changed, 186 insertions, 269 deletions
diff --git a/net-libs/rb_libtorrent/ChangeLog b/net-libs/rb_libtorrent/ChangeLog index 040b7ce75100..965048fdeb2f 100644 --- a/net-libs/rb_libtorrent/ChangeLog +++ b/net-libs/rb_libtorrent/ChangeLog @@ -1,6 +1,25 @@ # ChangeLog for net-libs/rb_libtorrent # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/rb_libtorrent/ChangeLog,v 1.58 2009/06/27 12:56:43 yngwin Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-libs/rb_libtorrent/ChangeLog,v 1.59 2009/06/28 00:02:56 yngwin Exp $ + +*rb_libtorrent-0.13-r1 (27 Jun 2009) + + 27 Jun 2009; Ben de Groot <yngwin@gentoo.org> + -rb_libtorrent-0.12.1.ebuild, +rb_libtorrent-0.13-r1.ebuild, + -rb_libtorrent-0.13_p2335.ebuild, + +files/rb_libtorrent-0.13-CVE-2009-1760.patch, + -rb_libtorrent-0.13.1.ebuild, +files/rb_libtorrent-0.13-boost-1.37.patch, + +files/rb_libtorrent-0.13-gcc44.patch, -rb_libtorrent-0.14.1.ebuild, + -rb_libtorrent-0.14.2.ebuild: + Remove all older ebuilds, except for latest stable. + Add 0.13-r1 with the following changes: + - add security patch for CVE-2009-1760 (bug 273156) + - add patch to fix building with boost-1.37 (bug 270447) + - migrate to EAPI=2 and general cleanup + - use append-ldflags from flag-o-matic.eclass + - disable as-needed for now (bug 271818) + - add minor patch to fix compilation with gcc-4.4 + - add doc useflag to install HTML documentation 27 Jun 2009; Ben de Groot <yngwin@gentoo.org> metadata.xml: Add qt herd as co-maintainer, as this is a dependency of qbittorrent diff --git a/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-CVE-2009-1760.patch b/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-CVE-2009-1760.patch new file mode 100644 index 000000000000..d91e20689bd3 --- /dev/null +++ b/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-CVE-2009-1760.patch @@ -0,0 +1,92 @@ +From 160ea4fe2beb1d433c96fc432772fd0122421c95 Mon Sep 17 00:00:00 2001 +From: Robert Buchholz <rbu@gentoo.org> +Date: Mon, 8 Jun 2009 12:04:41 +0200 +Subject: [PATCH] backport CVE-2009-1760 fix from r3621 + +--- + src/torrent_info.cpp | 47 ++++++++++++++++++++++++++++------------------- + 1 files changed, 28 insertions(+), 19 deletions(-) + +diff --git a/src/torrent_info.cpp b/src/torrent_info.cpp +index 57c8a97..fc6d284 100755 +--- a/src/torrent_info.cpp ++++ b/src/torrent_info.cpp +@@ -39,6 +39,7 @@ POSSIBILITY OF SUCH DAMAGE. + #include <iterator> + #include <algorithm> + #include <set> ++#include <string> + + #ifdef _MSC_VER + #pragma warning(push, 1) +@@ -74,6 +75,29 @@ namespace + str += 0x80 | (chr & 0x3f); + } + ++ bool valid_path_element(std::string const& element) ++ { ++ if (element.empty() ++ || element == "." || element == ".." ++ || element[0] == '/' || element[0] == '\\' ++ || element[element.size()-1] == ':') ++ return false; ++ return true; ++ } ++ ++ fs::path sanitize_path(fs::path const& p) ++ { ++ fs::path new_path; ++ for (fs::path::const_iterator i = p.begin(); i != p.end(); ++i) ++ { ++ if (!valid_path_element(*i)) continue; ++ std::string pe = *i; ++ new_path /= pe; ++ } ++ TORRENT_ASSERT(!new_path.is_complete()); ++ return new_path; ++ } ++ + void verify_encoding(file_entry& target) + { + std::string tmp_path; +@@ -184,9 +208,9 @@ namespace + for (entry::list_type::const_iterator i = list->begin(); + i != list->end(); ++i) + { +- if (i->string() != "..") +- target.path /= i->string(); ++ target.path /= i->string(); + } ++ target.path = sanitize_path(target.path); + verify_encoding(target); + if (target.path.is_complete()) throw std::runtime_error("torrent contains " + "a file with an absolute path: '" +@@ -349,23 +373,8 @@ namespace libtorrent + else + { m_name = info["name"].string(); } + +- fs::path tmp = m_name; +- if (tmp.is_complete()) +- { +- m_name = tmp.leaf(); +- } +- else if (tmp.has_branch_path()) +- { +- fs::path p; +- for (fs::path::iterator i = tmp.begin() +- , end(tmp.end()); i != end; ++i) +- { +- if (*i == "." || *i == "..") continue; +- p /= *i; +- } +- m_name = p.string(); +- } +- if (m_name == ".." || m_name == ".") ++ m_name = sanitize_path(m_name).string(); ++ if (!valid_path_element(m_name)) + throw std::runtime_error("invalid 'name' of torrent (possible exploit attempt)"); + + // extract file list +-- +1.6.3.1 + diff --git a/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-boost-1.37.patch b/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-boost-1.37.patch new file mode 100644 index 000000000000..f1b95d8d6050 --- /dev/null +++ b/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-boost-1.37.patch @@ -0,0 +1,11 @@ +diff -ur libtorrent-0.13.orig/include/libtorrent/disk_io_thread.hpp libtorrent-0.13/include/libtorrent/disk_io_thread.hpp +--- libtorrent-0.13.orig/include/libtorrent/disk_io_thread.hpp 2009-05-27 10:45:06.000000000 +0200 ++++ libtorrent-0.13/include/libtorrent/disk_io_thread.hpp 2009-05-27 11:33:50.000000000 +0200 +@@ -38,6 +38,7 @@ + #endif + + #include "libtorrent/storage.hpp" ++#include <boost/thread/condition.hpp> + #include <boost/thread/thread.hpp> + #include <boost/function.hpp> + #include <boost/thread/mutex.hpp> diff --git a/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-gcc44.patch b/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-gcc44.patch new file mode 100644 index 000000000000..e89c19c85fdc --- /dev/null +++ b/net-libs/rb_libtorrent/files/rb_libtorrent-0.13-gcc44.patch @@ -0,0 +1,10 @@ +--- libtorrent-0.13/src/identify_client.cpp.orig 2009-06-28 01:11:36.000000000 +0200 ++++ libtorrent-0.13/src/identify_client.cpp 2009-06-28 01:12:33.000000000 +0200 +@@ -34,6 +34,7 @@ + + #include <cctype> + #include <algorithm> ++#include <cstdio> + + #ifdef _MSC_VER + #pragma warning(push, 1) diff --git a/net-libs/rb_libtorrent/rb_libtorrent-0.12.1.ebuild b/net-libs/rb_libtorrent/rb_libtorrent-0.12.1.ebuild deleted file mode 100644 index d187590b20b4..000000000000 --- a/net-libs/rb_libtorrent/rb_libtorrent-0.12.1.ebuild +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 1999-2008 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/rb_libtorrent/rb_libtorrent-0.12.1.ebuild,v 1.4 2008/04/19 17:09:42 armin76 Exp $ - -inherit eutils autotools - -MY_P=${P/rb_/} -S=${WORKDIR}/${MY_P} - -DESCRIPTION="BitTorrent library written in C++ for *nix." -HOMEPAGE="http://www.rasterbar.com/products/libtorrent/" -SRC_URI="mirror://sourceforge/libtorrent/${MY_P}.tar.gz" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="amd64 x86 ~x86-fbsd" -IUSE="debug" - -DEPEND="dev-libs/boost - !net-libs/libtorrent" -RDEPEND="${DEPEND}" - -pkg_setup() { - # We need boost built with threads - if ! built_with_use --missing true "dev-libs/boost" threads; then - eerror "${PN} needs dev-libs/boost built with threads USE flag" - die "dev-libs/boost is built without threads USE flag" - fi -} - -src_compile() { - BOOST_LIBS="--with-boost-date-time=boost_date_time-mt \ - --with-boost-filesystem=boost_filesystem-mt \ - --with-boost-thread=boost_thread-mt \ - --with-boost-regex=boost_regex-mt \ - --with-boost-program_options=boost_program_options-mt" - - econf $(use_enable debug) \ - ${BOOST_LIBS} \ - LDFLAGS="${LDFLAGS} -pthread" || die "econf failed" - emake || die "emake failed" -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - dodoc ChangeLog AUTHORS NEWS README -} diff --git a/net-libs/rb_libtorrent/rb_libtorrent-0.13-r1.ebuild b/net-libs/rb_libtorrent/rb_libtorrent-0.13-r1.ebuild new file mode 100644 index 000000000000..929c0ba3c276 --- /dev/null +++ b/net-libs/rb_libtorrent/rb_libtorrent-0.13-r1.ebuild @@ -0,0 +1,53 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-libs/rb_libtorrent/rb_libtorrent-0.13-r1.ebuild,v 1.1 2009/06/28 00:02:56 yngwin Exp $ + +EAPI="2" +inherit eutils flag-o-matic + +MY_P=${P/rb_/} +S=${WORKDIR}/${MY_P} + +DESCRIPTION="A C++ BitTorrent implementation focusing on efficiency and scalability" +HOMEPAGE="http://www.rasterbar.com/products/libtorrent/" +SRC_URI="mirror://sourceforge/libtorrent/${MY_P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd" +IUSE="debug doc" + +DEPEND="|| ( >=dev-libs/boost-1.34.1 + ~dev-libs/boost-1.33.1[threads] ) + !net-libs/libtorrent" +RDEPEND="${DEPEND}" + +src_prepare() { + epatch "${FILESDIR}"/${P}-CVE-2009-1760.patch # bug 273156 + epatch "${FILESDIR}"/${P}-boost-1.37.patch # bug 270447 + epatch "${FILESDIR}"/${P}-gcc44.patch +} + +src_configure() { + append-ldflags -pthread + + # fails with as-needed, bug 271818 + append-ldflags -Wl,--no-as-needed + + # use multi-threaded boost libs + local BOOST_LIBS="--with-boost-date-time=boost_date_time-mt \ + --with-boost-filesystem=boost_filesystem-mt \ + --with-boost-thread=boost_thread-mt \ + --with-boost-regex=boost_regex-mt \ + --with-boost-program_options=boost_program_options-mt" + + econf $(use_enable debug) ${BOOST_LIBS} +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + dodoc ChangeLog AUTHORS NEWS README || die "dodoc failed" + if use doc ; then + dohtml docs/* || die "Could not install HTML documentation" + fi +} diff --git a/net-libs/rb_libtorrent/rb_libtorrent-0.13.1.ebuild b/net-libs/rb_libtorrent/rb_libtorrent-0.13.1.ebuild deleted file mode 100644 index 37d4d510b33d..000000000000 --- a/net-libs/rb_libtorrent/rb_libtorrent-0.13.1.ebuild +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright 1999-2008 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/rb_libtorrent/rb_libtorrent-0.13.1.ebuild,v 1.1 2008/07/05 19:14:17 armin76 Exp $ - -inherit eutils autotools - -MY_P=${P/rb_/} -MY_P=${MY_P/torrent/torrent-rasterbar} -S=${WORKDIR}/${MY_P} - -DESCRIPTION="BitTorrent library written in C++ for *nix." -HOMEPAGE="http://www.rasterbar.com/products/libtorrent/" -SRC_URI="mirror://sourceforge/libtorrent/${MY_P}.tar.gz" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd" - -IUSE="debug" - -DEPEND="dev-libs/boost - !net-libs/libtorrent" -RDEPEND="${DEPEND}" - -pkg_setup() { - # We need boost built with threads - if ! built_with_use --missing true "dev-libs/boost" threads; then - eerror "${PN} needs dev-libs/boost built with threads USE flag" - die "dev-libs/boost is built without threads USE flag" - fi -} - -src_compile() { - BOOST_LIBS="--with-boost-date-time=boost_date_time-mt \ - --with-boost-filesystem=boost_filesystem-mt \ - --with-boost-thread=boost_thread-mt \ - --with-boost-regex=boost_regex-mt \ - --with-boost-program_options=boost_program_options-mt" - - econf $(use_enable debug) \ - ${BOOST_LIBS} \ - LDFLAGS="${LDFLAGS} -pthread" || die "econf failed" - emake || die "emake failed" -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - dodoc ChangeLog AUTHORS NEWS README -} diff --git a/net-libs/rb_libtorrent/rb_libtorrent-0.13_p2335.ebuild b/net-libs/rb_libtorrent/rb_libtorrent-0.13_p2335.ebuild deleted file mode 100644 index 93b60227aa86..000000000000 --- a/net-libs/rb_libtorrent/rb_libtorrent-0.13_p2335.ebuild +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright 1999-2008 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/rb_libtorrent/rb_libtorrent-0.13_p2335.ebuild,v 1.1 2008/06/03 10:40:41 armin76 Exp $ - -WANT_AUTOCONF="latest" -WANT_AUTOMAKE="latest" -inherit eutils autotools - -MY_P="${P/rb_/}" - -DESCRIPTION="BitTorrent library written in C++ for *nix." -HOMEPAGE="http://www.rasterbar.com/products/libtorrent/" -SRC_URI="mirror://gentoo/${MY_P}.tar.bz2" -S="${WORKDIR}/${MY_P}" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd" -IUSE="debug" - -DEPEND="dev-libs/boost - !net-libs/libtorrent" - -pkg_setup() { - # We need boost built with threads - if ! built_with_use --missing true "dev-libs/boost" threads; then - eerror "${PN} needs dev-libs/boost built with threads USE flag" - die "dev-libs/boost is built without threads USE flag" - fi -} - -src_unpack() { - unpack ${A} - cd "${S}" - - AT_M4DIR="m4" eautoreconf -} - -src_compile() { - BOOST_LIBS="--with-boost-date-time=boost_date_time-mt \ - --with-boost-filesystem=boost_filesystem-mt \ - --with-boost-thread=boost_thread-mt \ - --with-boost-regex=boost_regex-mt \ - --with-boost-program_options=boost_program_options-mt" - - econf $(use_enable debug) \ - ${BOOST_LIBS} \ - LDFLAGS="${LDFLAGS} -pthread" || die "econf failed" - emake || die "emake failed" -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - dodoc ChangeLog AUTHORS NEWS README -} diff --git a/net-libs/rb_libtorrent/rb_libtorrent-0.14.1.ebuild b/net-libs/rb_libtorrent/rb_libtorrent-0.14.1.ebuild deleted file mode 100644 index f21047f840cd..000000000000 --- a/net-libs/rb_libtorrent/rb_libtorrent-0.14.1.ebuild +++ /dev/null @@ -1,62 +0,0 @@ -# Copyright 1999-2008 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/rb_libtorrent/rb_libtorrent-0.14.1.ebuild,v 1.1 2008/12/28 21:35:27 coldwind Exp $ - -inherit eutils autotools - -MY_P=${P/rb_/} -MY_P=${MY_P/torrent/torrent-rasterbar} -S=${WORKDIR}/${MY_P} - -DESCRIPTION="BitTorrent library written in C++ for *nix." -HOMEPAGE="http://www.rasterbar.com/products/libtorrent/" -SRC_URI="mirror://sourceforge/libtorrent/${MY_P}.tar.gz" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd" - -IUSE="debug examples python test" - -DEPEND=" - >=dev-libs/boost-1.34 - || ( >=dev-libs/boost-1.35 dev-cpp/asio ) - sys-libs/zlib - !net-libs/libtorrent" -RDEPEND="${DEPEND}" - -src_unpack() { - unpack ${A} - cd "${S}" - epatch "${FILESDIR}"/${P}-ax_python_path.patch - eautoreconf -} - -src_compile() { - #use multi-threading versions of boost libs - local BOOST_LIBS=" - --with-boost-system=boost_system-mt \ - --with-boost-asio=boost_system-mt \ - --with-boost-filesystem=boost_filesystem-mt \ - --with-boost-thread=boost_thread-mt \ - --with-boost-regex=boost_regex-mt \ - --with-boost-python=boost_python-mt \ - --with-boost-program_options=boost_program_options-mt" - - #TODO: We might want to add 'use debug -> --with-logging=verbose - econf \ - $(use_enable debug) \ - $(use_enable test tests) \ - $(use_enable examples) \ - $(use_enable python python-binding) \ - --with-zlib=system \ - --with-asio=system \ - ${BOOST_LIBS} \ - LDFLAGS="${LDFLAGS} -pthread" || die "econf failed" - emake || die "emake failed" -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - dodoc ChangeLog AUTHORS NEWS README -} diff --git a/net-libs/rb_libtorrent/rb_libtorrent-0.14.2.ebuild b/net-libs/rb_libtorrent/rb_libtorrent-0.14.2.ebuild deleted file mode 100644 index ed2673ea9a17..000000000000 --- a/net-libs/rb_libtorrent/rb_libtorrent-0.14.2.ebuild +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/rb_libtorrent/rb_libtorrent-0.14.2.ebuild,v 1.2 2009/03/29 16:55:21 armin76 Exp $ - -inherit eutils autotools - -MY_P=${P/rb_/} -MY_P=${MY_P/torrent/torrent-rasterbar} -S=${WORKDIR}/${MY_P} - -DESCRIPTION="BitTorrent library written in C++ for *nix." -HOMEPAGE="http://www.rasterbar.com/products/libtorrent/" -SRC_URI="mirror://sourceforge/libtorrent/${MY_P}.tar.gz" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~amd64 ~ppc ~ppc64 ~x86 ~x86-fbsd" - -IUSE="debug examples python test" - -DEPEND=" - >=dev-libs/boost-1.34 - || ( >=dev-libs/boost-1.35 dev-cpp/asio ) - sys-libs/zlib - !net-libs/libtorrent" -RDEPEND="${DEPEND}" - -src_compile() { - #use multi-threading versions of boost libs - local BOOST_LIBS=" - --with-boost-system=boost_system-mt \ - --with-boost-asio=boost_system-mt \ - --with-boost-filesystem=boost_filesystem-mt \ - --with-boost-thread=boost_thread-mt \ - --with-boost-regex=boost_regex-mt \ - --with-boost-python=boost_python-mt \ - --with-boost-program_options=boost_program_options-mt" - - #TODO: We might want to add 'use debug -> --with-logging=verbose - econf \ - $(use_enable debug) \ - $(use_enable test tests) \ - $(use_enable examples) \ - $(use_enable python python-binding) \ - --with-zlib=system \ - --with-asio=system \ - ${BOOST_LIBS} \ - LDFLAGS="${LDFLAGS} -pthread" || die "econf failed" - emake || die "emake failed" -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - dodoc ChangeLog AUTHORS NEWS README -} |